Apache showing 500 error during Active Directory LDAP authentication

Posted by Tyllyn on Server Fault See other posts from Server Fault or by Tyllyn
Published on 2010-11-18T21:41:00Z Indexed on 2010/12/22 20:56 UTC
Read the original article Hit count: 339

Filed under:
|
|

I have Apache (on Windows Server) set up to authenticate one directory through Active Directory. Config settings are as follows:

<LocationMatch "/trac/[^/]+/login">

 Order deny,allow
 Allow from all
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative Off
 AuthLDAPURL ldap://<ip-redacted>:3268/cn=Users,OU=MyBusiness,DC=<dc-redacted>,DC=local?sAMAccountName?sub?(objectClass=*)
 AuthLDAPBindDN       trac@<dc-redacted>.local
 AuthLDAPBindPassword "<password-redacted>"
 AuthType Basic
 AuthName "Protected"
 require valid-user

</LocationMatch>

Watching, Wireshark, I see the following get sent through when I visit the page:

To the AD server:

bindRequest(1) "trac@<dc-redacted>.local" simple 

And from the AD server:

bindResponse(1) success 

I'm assuming this means that the auth was successful... but Apache doesn't think so. It returns a 500 server to me. Apache logs show the following:

[Thu Nov 18 16:21:12 2010] [debug] mod_authnz_ldap.c(379): [client 192.168.x.x] [7352] auth_ldap authenticate: using URL ldap://<ip-redacted>:3268/cn=Users,OU=MyBusiness,DC=<dc-redacted>,DC=local?sAMAccountName?sub?(objectClass=*), referer: http://192.168.x.x/trac/Trac/login
[Thu Nov 18 16:21:12 2010] [info] [client 192.168.x.x] [7352] auth_ldap authenticate: user  authentication failed; URI /trac/Trac/login [ldap_search_ext_s() for user failed][Filter Error], referer: http://192.168.x.x/trac/Trac/login

Now, that log file shows a failed auth for a blank user. I am confused.

Any idea what I am doing wrong... and how I can get the Apache authentication working? :)

Thanks!

© Server Fault or respective owner

Related posts about apache

Related posts about active-directory