I'm using CentOS / RHEL 5.2 with the stock LDAP. I'm trying to get Apache to authenticate against my LDAP server. Using other client software I can bind as the user 'bob'.
Here is my Apache config:
<VirtualHost *:443>
    ServerName addressbook-stage.acme.com
    AllowEncodedSlashes on

    # Reverse proxy: everything under / goes to the backend host
    ProxyPass / http://domu-140.acme.com/
    ProxyPassReverse / http://domu-140.acme.com/
    <Proxy *>
        allow from all
    </Proxy>

    # Basic auth in front of the proxy, users looked up in LDAP
    <Location />
        AuthType Basic
        AuthName "Login with your Acme ID"
        #AuthLDAPEnabled on
        AuthBasicProvider ldap
        # search base for the login name; the bind DN below is used for that search
        AuthLDAPURL ldap://192.168.150.140:389/ou=People,dc=acme,dc=com
        AuthLDAPBindDN uid=root,ou=People,dc=acme,dc=com
        AuthLDAPBindPassword passwd
        #require group cn=it,ou=groups,dc=acme,dc=com
        require valid-user bob
    </Location>
</VirtualHost>
Here is my LDAP config:
# userPassword: anyone may use it to authenticate, the owner may change it,
# nobody may read it
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none

# private LDAP Addressbook is readable and writable for the owner only
access to dn.regex="(.*,)?ou=Contacts,uid=([^,]+),ou=People,(.*)$"
    by dn.regex="uid=$2,ou=People,$3" write
    by * none

# global LDAP Addressbook is writable for all authenticated users
# This entry has to be _before_ any other entry that matches the contact
# tree eg. the * entry
access to dn.subtree="ou=Contacts,dc=acme,dc=com"
    by users write
    by users read

# The admin dn has full write access
access to *
    by users read
    by peername="IP=192.168.150.5" read
Here is the error from OpenLDAP:
Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from IP=192.168.150.5:59041 (IP=0.0.0.0:389)
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 fd=17 ACCEPT from IP=192.168.150.5:59042 (IP=0.0.0.0:389)
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bmason))"
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 RESULT tag=97 err=0 text=
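An added example, not part of the original post and not code from the Apache or OpenLDAP projects: a small Python script that reads slapd log lines like the ones above, groups them per connection, and maps each connection onto the sequence mod_authnz_ldap performs when AuthLDAPBindDN is set (bind as the service account, search the AuthLDAPURL base for the login name, bind as the returned DN with the user's password; that three-step flow is the assumption the parser is built on, and it is what the ops in the posted log show). It reports, per connection, which of the three steps fails and with which LDAP result code. The sample lines are the ones from the post (conn=3 abridged to the lines that carry results); nothing is sent to an LDAP server, so it runs offline.

```python
"""
Reconstruct mod_authnz_ldap's bind -> search -> bind sequence from slapd logs.

Assumed flow (AuthLDAPBindDN set):
  op=0  BIND as AuthLDAPBindDN (service account)
  op=1  SRCH under the AuthLDAPURL base for the login name
  op=2  BIND as the DN the search returned, with the user's password
Each op is answered by a RESULT / SEARCH RESULT line carrying err=<code>.
"""
import re

# Log lines copied from the post (conn=3 abridged: the duplicate
# "method=128" BIND lines and the implicit anonymous BIND are omitted).
SAMPLE_LOG = [
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from IP=192.168.150.5:59041 (IP=0.0.0.0:389)',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous mech=implicit ssf=0',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0',
    'Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 fd=17 ACCEPT from IP=192.168.150.5:59042 (IP=0.0.0.0:389)',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 RESULT tag=97 err=0 text=',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bmason))"',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0',
    'Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 RESULT tag=97 err=0 text=',
]

CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=([\d.]+:\d+)")
BIND_RE = re.compile(r'op=(\d+) BIND dn="([^"]*)" mech=')        # the mech= line names the DN
SRCH_RE = re.compile(r'op=(\d+) SRCH .*filter="([^"]*)"')
RESULT_RE = re.compile(r"op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)(?: nentries=(\d+))?")
UID_RE = re.compile(r"uid=([^,)]+)")
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights"}


def first_uid(text):
    """uid value from a DN or a search filter, or None."""
    m = UID_RE.search(text or "")
    return m.group(1) if m else None


def parse_log(lines):
    """Group ACCEPT/BIND/SRCH/RESULT records by conn=N. The "method=128" echo and
    the implicit anonymous BIND carry no result, so they are skipped on purpose."""
    conns = {}
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        c = conns.setdefault(m.group(1), {"peer": None, "binds": {}, "searches": {}, "err": {}, "nentries": {}})
        rest = m.group(2)
        if (a := ACCEPT_RE.search(rest)):
            c["peer"] = a.group(1)
        elif (b := BIND_RE.search(rest)):
            c["binds"][int(b.group(1))] = b.group(2)
        elif (s := SRCH_RE.search(rest)):
            c["searches"][int(s.group(1))] = s.group(2)
        elif (r := RESULT_RE.search(rest)):
            op = int(r.group(1))
            c["err"][op] = int(r.group(2))
            if r.group(3) is not None:
                c["nentries"][op] = int(r.group(3))
    return conns


def analyze(c):
    """Map one connection onto service bind -> search -> user bind and name the failing step."""
    bind_ops = sorted(c["binds"])
    svc_op = bind_ops[0] if bind_ops else None           # first BIND: AuthLDAPBindDN
    usr_op = bind_ops[-1] if len(bind_ops) > 1 else None  # last BIND: the user
    srch_op = min(c["searches"]) if c["searches"] else None
    rep = {
        "peer": c["peer"],
        "service_dn": c["binds"].get(svc_op), "service_err": c["err"].get(svc_op),
        "search_uid": first_uid(c["searches"].get(srch_op)), "nentries": c["nentries"].get(srch_op),
        "user_dn": c["binds"].get(usr_op), "user_err": c["err"].get(usr_op),
    }
    # The DN bound in step 3 should be the entry found for the uid searched in step 2.
    rep["uid_mismatch"] = (rep["search_uid"] is not None and rep["user_dn"] is not None
                           and rep["search_uid"] != first_uid(rep["user_dn"]))
    if svc_op is None:
        rep["verdict"] = "no bind on this connection"
    elif rep["service_err"] != 0:
        rep["verdict"] = "service-account bind failed: %s" % LDAP_ERR.get(rep["service_err"], rep["service_err"])
    elif rep["nentries"] != 1:
        rep["verdict"] = "search for the login returned %s entries" % rep["nentries"]
    elif rep["user_err"] != 0:
        rep["verdict"] = "user bind failed: %s" % LDAP_ERR.get(rep["user_err"], rep["user_err"])
    elif rep["uid_mismatch"]:
        rep["verdict"] = "bound DN does not match the uid searched for"
    else:
        rep["verdict"] = "ok"
    rep["ok"] = rep["verdict"] == "ok"
    return rep


if __name__ == "__main__":
    for conn, c in sorted(parse_log(SAMPLE_LOG).items()):
        r = analyze(c)
        print("conn=%s from %s: %s (search uid=%s, bound dn=%s)"
              % (conn, r["peer"], r["verdict"], r["search_uid"], r["user_dn"]))
```

Run as is, it reports conn=2 as a clean service bind, one search hit and a successful user bind, so the LDAP side of that request is not where the login breaks; for conn=3 it flags that the search was for uid=bmason while the bind that followed was for uid=bob, which is exactly the kind of discrepancy worth checking in a log before looking at the Apache side. Feed it `grep slapd /var/log/messages` output to run it over a real log.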