Apache showing 500 error during Active Directory LDAP authentication
Posted
by
Tyllyn
on Server Fault
See other posts from Server Fault
or by Tyllyn
Published on 2010-11-18T21:41:00Z
Indexed on
2010/12/22
20:56 UTC
Read the original article
Hit count: 339
I have Apache (on Windows Server) set up to authenticate one directory through Active Directory. Config settings are as follows:
<LocationMatch "/trac/[^/]+/login">
Order deny,allow
Allow from all
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthLDAPURL ldap://<ip-redacted>:3268/cn=Users,OU=MyBusiness,DC=<dc-redacted>,DC=local?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN trac@<dc-redacted>.local
AuthLDAPBindPassword "<password-redacted>"
AuthType Basic
AuthName "Protected"
require valid-user
</LocationMatch>
Watching, Wireshark, I see the following get sent through when I visit the page:
To the AD server:
bindRequest(1) "trac@<dc-redacted>.local" simple
And from the AD server:
bindResponse(1) success
I'm assuming this means that the auth was successful... but Apache doesn't think so. It returns a 500 server to me. Apache logs show the following:
[Thu Nov 18 16:21:12 2010] [debug] mod_authnz_ldap.c(379): [client 192.168.x.x] [7352] auth_ldap authenticate: using URL ldap://<ip-redacted>:3268/cn=Users,OU=MyBusiness,DC=<dc-redacted>,DC=local?sAMAccountName?sub?(objectClass=*), referer: http://192.168.x.x/trac/Trac/login
[Thu Nov 18 16:21:12 2010] [info] [client 192.168.x.x] [7352] auth_ldap authenticate: user authentication failed; URI /trac/Trac/login [ldap_search_ext_s() for user failed][Filter Error], referer: http://192.168.x.x/trac/Trac/login
Now, that log file shows a failed auth for a blank user. I am confused.
Any idea what I am doing wrong... and how I can get the Apache authentication working? :)
Thanks!
© Server Fault or respective owner