Active Directory problems while trying to perform compare operation
- by Alex
I have CentOS 5.5 with Apache 2.2 and SVN installed. I also have Windows 2003 R2 with Active Directory.
I'm trying to authorize users via AD so that each user has access to a repo if he is a member of the corresponding group in AD.
Here is my Apache config:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LDAPVerifyServerCert off
ServerName svn.mydomain.com
DocumentRoot /var/www/svn.mydomain.com/htdocs
RewriteEngine On
<Location />
AuthType basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN [email protected]
AuthLDAPBindPassword binduserpassword
</Location>
<Location /repos/test>
DAV svn
SVNPath /var/svn/repos/test
AuthName "SVN repository for test"
Require ldap-group CN=test,CN=ProjectGroups,DC=mydomain,DC=com
</Location>
When I'm using "Require valid-user" everything goes fine, and "Require ldap-user" also works.
But as soon as I use "Require ldap-group", authorization fails.
There are no errors in the Apache logs, but Active Directory shows the following error:
Event Type: Information
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 1138
Date: 10/9/2010
Time: 1:28:52 PM
User: MYDOMAIN\binduser
Computer: COMP1
Description:
Internal event: Function ldap_compare entered.
Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1481
Date: 10/9/2010
Time: 1:28:52 PM
User: MYDOMAIN\binduser
Computer: COMP1
Description:
Internal error: The operation on the object failed.
Additional Data
Error value:
2 0000208D: NameErr: DSID-031001CD, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=mydomain,DC=com'
I'm confused by this problem. What am I doing wrong?
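
Added example, not part of the original post: a small Python parser for the "Error value" string in Event ID 1481 that reports which leading RDNs of a DN lie below the server's "best match" and were therefore not found in the directory. It assumes the failed ldap_compare targeted the DN on the "Require ldap-group" line; the function names are hypothetical.

```python
import re

# "Error value" text of Event ID 1481, copied from the post (log wrapping kept).
EVENT_ERROR = """2 0000208D: NameErr: DSID-031001CD, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=mydomain,DC=com'"""
# Assumption: the failed compare targeted the "Require ldap-group" DN.
GROUP_DN = "CN=test,CN=ProjectGroups,DC=mydomain,DC=com"

ERROR_RE = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\d+)"
    r"(?:, best match of: ?'(?P<matched>[^']*)')?")

def parse_ntds_error(text):
    """Split an AD extended error string into named fields."""
    m = ERROR_RE.search(" ".join(text.split()))  # fold wrapped log lines
    if m is None:
        raise ValueError("not an NTDS extended error string")
    fields = m.groupdict()
    fields["win32"] = int(fields.pop("code"), 16)  # 0x208D -> 8333
    return fields

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]

def unresolved_rdns(target_dn, matched_dn):
    """Leading RDNs of target_dn that lie below the server's best match."""
    norm = lambda rdn: tuple(p.strip().lower() for p in rdn.split("=", 1))
    target, matched = split_dn(target_dn), split_dn(matched_dn)
    keep = len(target) - len(matched)
    if keep < 0 or [norm(r) for r in target[keep:]] != [norm(r) for r in matched]:
        raise ValueError("best match is not an ancestor of the target DN")
    return target[:keep]

def diagnose(error_text, target_dn):
    """Return (win32 code, problem name, RDNs the directory could not resolve)."""
    err = parse_ntds_error(error_text)
    return err["win32"], err["name"], unresolved_rdns(target_dn, err["matched"] or "")

if __name__ == "__main__":
    code, name, missing = diagnose(EVENT_ERROR, GROUP_DN)
    print(f"win32={code} problem={name}")
    print("not found below best match:", ",".join(missing))
```

Win32 code 8333 is ERROR_DS_OBJ_NOT_FOUND; under the stated assumption, the RDNs returned are the part of the group DN to verify against the directory, both the container path and the group name.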