Active Directory problems while trying to perfom compare operation

Posted by Alex on Server Fault See other posts from Server Fault or by Alex
Published on 2010-10-10T10:03:08Z Indexed on 2010/12/22 20:56 UTC
Read the original article Hit count: 273

I have CentOs 5.5 with Apache 2.2 and SVN installed. Also I have Windows 2003 R2 with Active Directory.
I'm trying to authorize users via AD so each user have access to repo if he is a member of corespondent group in AD.
Here is my apache config:

LoadModule dav_svn_module      modules/mod_dav_svn.so
LoadModule authz_svn_module    modules/mod_authz_svn.so
LDAPVerifyServerCert off
ServerName svn.mydomain.com
DocumentRoot /var/www/svn.mydomain.com/htdocs
RewriteEngine On
[Location /]
 AuthType basic
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)
 AuthLDAPBindDN [email protected]
 AuthLDAPBindPassword binduserpassword
[/Location]
[Location /repos/test]
 DAV svn
 SVNPath /var/svn/repos/test
 AuthName "SVN repository for test"
 Require ldap-group CN=test,CN=ProjectGroups,DC=mydomain,DC=com
[/Location]

When I'm using "Require valid-user" everything goes fine, "Require ldap-user" also works.
But as soon as I use "Require ldap-group" authorization fails.
Trere are no errors in apache logs, but Active Directory shows folowing error:

Event Type: Information
Event Source: NTDS LDAP
Event Category: LDAP Interface 
Event ID: 1138
Date:  10/9/2010
Time:  1:28:52 PM
User:  MYDOMAIN\binduser
Computer: COMP1
Description:
Internal event: Function ldap_compare entered.

Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing 
Event ID: 1481
Date:  10/9/2010
Time:  1:28:52 PM
User:  MYDOMAIN\binduser
Computer: COMP1
Description:
Internal error: The operation on the object failed. 

Additional Data 
Error value:
2 0000208D: NameErr: DSID-031001CD, problem 2001 
(NO_OBJECT), data 0, best match of:
'DC=mydomain,DC=com'

I'm confused by this problem. What I'm doing wrong?

© Server Fault or respective owner

Related posts about apache

Related posts about active-directory