I'm using CentOS / RHEL 5.2 using the stock LDAP. I'm trying to get Apache to authenticate with my LDAP server. Using other client software I can bind as the user 'bob'.
Here is my Apache config:
<VirtualHost *:443>
    ServerName addressbook-stage.acme.com
    AllowEncodedSlashes on
    ProxyPass / http://domu-140.acme.com/
    ProxyPassReverse / http://domu-140.acme.com/
    <Proxy *>
        allow from all
    </Proxy>
    <Location />
        AuthType Basic
        AuthName "Login with your Acme ID"
        #AuthLDAPEnabled on
        AuthBasicProvider ldap
        AuthLDAPURL ldap://192.168.150.140:389/ou=People,dc=acme,dc=com
        AuthLDAPBindDN uid=root,ou=People,dc=acme,dc=com
        AuthLDAPBindPassword passwd
        #require group cn=it,ou=groups,dc=acme,dc=com
        require valid-user bob
    </Location>
</VirtualHost>
Here is my LDAP config:
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none
# private LDAP Addressbook is readable and writable for the owner only
access to dn.regex="(.*,)?ou=Contacts,uid=([^,]+),ou=People,(.*)$"
    by dn.regex="uid=$2,ou=People,$3" write
    by * none
# global LDAP Addressbook is writable for all authenticated users
# This entry has to be _before_ any other entry that matches the contact
# tree eg. the * entry
access to dn.subtree="ou=Contacts,dc=acme,dc=com"
    by users write
    by users read
# The admin dn has full write access
access to *
    by users read
    by peername="IP=192\.168\.150\.5" read
Here is the error from OpenLDAP:
Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from IP=192.168.150.5:59041 (IP=0.0.0.0:389)
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 fd=17 ACCEPT from IP=192.168.150.5:59042 (IP=0.0.0.0:389)
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bmason))"
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:37 localhost slapd[23856]: conn=3 op=2 RESULT tag=97 err=0 text=
--
<admiral>
Michael F. March ----- mmarch@gmail.com
Ph: (415)462-1910 ---- Fax: (602)296-0400
P.O. Box 2254 ---- Phoenix, AZ 85002-2254
"Seriously" - HSR
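
Added example, not part of the original post: a small Python parser for slapd log lines in the format shown above. It pairs each BIND with its RESULT and lists simple binds made with ssf=0, meaning slapd saw no TLS or SASL security layer on the connection. The function names are hypothetical, and the sample lines are the conn=2 entries copied from the post.

```python
import re

# Lines copied from the slapd log in the post above (conn=2 only).
SAMPLE_LOG = """\
Aug 24 03:57:06 localhost slapd[23856]: conn=2 fd=14 ACCEPT from IP=192.168.150.5:59041 (IP=0.0.0.0:389)
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 BIND dn="uid=root,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=0 RESULT tag=97 err=0 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SRCH base="ou=People,dc=acme,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=bob))"
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND anonymous mech=implicit ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" method=128
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 BIND dn="uid=bob,ou=People,dc=acme,dc=com" mech=SIMPLE ssf=0
Aug 24 03:57:06 localhost slapd[23856]: conn=2 op=2 RESULT tag=97 err=0 text=
"""

OP_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$")
BIND_RE = re.compile(r'BIND dn="(?P<dn>[^"]*)" mech=(?P<mech>\S+) ssf=(?P<ssf>\d+)')
RESULT_RE = re.compile(r"RESULT tag=97 err=(?P<err>\d+)")  # tag 97 = bind response

def parse_binds(log_text):
    """Return one dict per completed BIND: conn, op, dn, mech, ssf, err."""
    pending, binds = {}, []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # ACCEPT lines carry no op= field
        key = (int(m["conn"]), int(m["op"]))
        bind = BIND_RE.match(m["rest"])
        result = RESULT_RE.match(m["rest"])  # does not match "SEARCH RESULT"
        if bind:
            pending[key] = {"conn": key[0], "op": key[1], "dn": bind["dn"],
                            "mech": bind["mech"], "ssf": int(bind["ssf"])}
        elif result and key in pending:
            binds.append({**pending.pop(key), "err": int(result["err"])})
    return binds

def cleartext_simple_binds(binds):
    """Simple binds with ssf=0: the password was sent with no protecting layer."""
    return [b for b in binds if b["mech"] == "SIMPLE" and b["ssf"] == 0]

if __name__ == "__main__":
    for b in parse_binds(SAMPLE_LOG):
        print(f'conn={b["conn"]} op={b["op"]} dn={b["dn"]} ssf={b["ssf"]} err={b["err"]}')
```

On the sample, both binds come back with err=0 (LDAP success) and both are flagged as ssf=0 simple binds.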