LDAP Authentication fails with 500 or 401 depending on bind for Apache2

Posted by Erik on Server Fault
Published on 2009-11-03T01:03:26Z Indexed on 2010/05/08 10:08 UTC

I'm setting up LDAP authentication for our Subversion repository hosted through Apache on a RHEL 5 system. I run into two different issues when I try to authenticate against Active Directory.

<Location /svn/>
Dav svn
SvnParentPath /srv/subversion
SVNListParentPath On
AuthType Basic
AuthName "Subversion Repository"

AuthBasicProvider ldap

AuthLDAPBindDN "cn=userfoo,ou=Service Accounts,ou=User Accounts,dc=my,dc=example,dc=com"
AuthLDAPBindPassword "mypass"

AuthLDAPUrl "ldap://my.example.com:389/ou=User Accounts,dc=my,dc=example,dc=com?sAMAccountName?sub?(objectClass=user)" NONE

Require valid-user
</Location>

If I use the above configuration it continually prompts me with the Basic prompt and I have to eventually select Cancel, which returns a 401 (Authorization Required). If I comment out the bind parts it returns 500 (Internal Server Error), griping that authentication failed:

[Mon Nov 02 12:00:00 2009] [warn] [client x.x.x.x] [10744] auth_ldap authenticate: user myuser authentication failed; URI /svn [ldap_search_ext_s() for user failed][Operations error]

When I perform the bind using ldapsearch and filter for a simple attribute it returns correctly:

ldapsearch -h my.example.com -p 389 -D "cn=userfoo,ou=Service Accounts,ou=User Accounts,dc=my,dc=example,dc=com" -b "ou=User Accounts,dc=my,dc=example,dc=com" -w - "&(objectClass=user)(cn=myuser)" sAMAccountName

Unfortunately I have no control or insight into the AD part of the system, only the RHEL server. Does anyone know what the hang-up is here?
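
Added example, not part of the original post: mod_authnz_ldap builds its search by ANDing the filter from AuthLDAPUrl with attribute=username, so a command-line test is only comparable if it runs that same search. The sketch below parses an AuthLDAPUrl value and produces the matching ldapsearch arguments; the function names are hypothetical, and the RFC 4515 hex escaping of the login name is this example's choice, not necessarily byte-for-byte what the module emits.

```python
import shlex
from urllib.parse import unquote

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    scheme, _, rest = url.partition("://")
    if scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    base, attr, scope, flt = (tail.split("?") + [""] * 4)[:4]
    flt = unquote(flt) or "(objectClass=*)"        # documented default filter
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    default_port = "636" if scheme == "ldaps" else "389"
    return {
        "uri": "%s://%s:%s" % (scheme, host, port or default_port),
        "base": unquote(base),
        "attr": unquote(attr).split(",")[0] or "uid",  # only the first attribute is used
        "scope": unquote(scope) or "sub",
        "filter": flt,
    }

def escape_filter_value(value):
    """Escape filter metacharacters in the login name as RFC 4515 hex pairs."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_filter(cfg, username):
    """The URL's filter ANDed with attribute=username."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attr"], escape_filter_value(username))

def ldapsearch_argv(cfg, bind_dn, username):
    """ldapsearch arguments for the same search; -W prompts for the bind password."""
    return ["ldapsearch", "-x", "-H", cfg["uri"], "-D", bind_dn, "-W",
            "-b", cfg["base"], "-s", cfg["scope"],
            effective_filter(cfg, username), cfg["attr"]]

if __name__ == "__main__":
    # Values copied from the configuration in the post; "myuser" is the login name being tested.
    URL = ("ldap://my.example.com:389/ou=User Accounts,dc=my,dc=example,dc=com"
           "?sAMAccountName?sub?(objectClass=user)")
    BIND_DN = "cn=userfoo,ou=Service Accounts,ou=User Accounts,dc=my,dc=example,dc=com"
    argv = ldapsearch_argv(parse_auth_ldap_url(URL), BIND_DN, "myuser")
    print(" ".join(shlex.quote(a) for a in argv))
```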
