Hi All,

                I'm having some issues with setting up ldap auth for an apache 
webserver. In short I have an IPA server that seems to be working correctly, it 
is currently acting and a central authentication server for our Linux server 
environment. What I'm trying to do is get LDAP Auth up for our web based 
services.

The test environment is all CentOS 6.5 with the following config



IPA server with an LDAP bind user set up as per 
http://www.freeipa.org/page/Apache_Group_Based_Authorization without the 
kerberos component.

There is a single web directory /var/www/html/webtest with a single index.htlm 
file and a .htaccess file with the following contents.



# Make sure you're using HTTPS, or anyone can read your LDAP password.

# SSLRequireSSL

Order deny,allow

Deny from All

AuthName "Example Authorisation"

AuthType Basic

AuthBasicProvider ldap

AuthzLDAPAuthoritative on

AuthLDAPUrl "ldaps://ipa.example.com:636/dc=example,dc=com?uid"

AuthLDAPBindDN "uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"

AuthLDAPBindPassword "<password removed>"

Require valid-user

Satisfy any



---------------------------------------------------------------------------------------

When I try to access the web page I get a basic auth prompt and in the ipa 
server logs I get the following



[03/Apr/2014:12:26:22 +1100] conn=1689 fd=83 slot=83 SSL connection from 
10.0.0.11 to 10.0.0.3

[03/Apr/2014:12:26:22 +1100] conn=1689 SSL 256-bit AES

[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 BIND 
dn="uid=webapps,cn=sysaccounts,cn=etc,dc=example,dc=com" method=128 version=3

[03/Apr/2014:12:26:22 +1100] conn=1689 op=0 RESULT err=0 tag=97 nentries=0 
etime=0 dn="uid=webapps,cn=sysaccounts,cn=etc, dc=example,dc=com"

[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 SRCH base=" dc=example,dc=com" 
scope=2 filter="(&(objectClass=*)(uid=dtaylor))" attrs="uid"

[03/Apr/2014:12:26:22 +1100] conn=1689 op=1 RESULT err=0 tag=101 nentries=1 
etime=0 notes=U



---------------------------------------------------------------------------------------



Any help is greatly appreciated.



Best regards

David Taylor



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to