Hi,

when I run

  ldapsearch -x -W -D 'aduser' -H 'ldap://adserver:389' -b 'dc=iht,dc=com' '(&(objectclass=user)(!(objectclass=computer))(samaccountname=myname))' samaccountname

tethereal displays the following:

  LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
  LDAP MsgId=2 Search Entry, 1 result
  LDAP MsgId=3 Unbind Request

When I use mod_authnz_ldap with the following line in my Apache httpd.conf file:

  AuthLDAPURL "ldap://adserver:389/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))" NONE

tethereal displays the following:

  LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
  LDAP MsgId=2 Search Entry, 1 result
  DNS Standard query AAAA ForestDnsZones.ABC.com
  DNS Standard query response
  DNS Standard query AAAA ForestDnsZones.ABC.com.abc.com
  DNS Standard query response, No such name

In the first case, AD finds a user whose sAMAccountName is "myname", whereas, in the second case, AD seems to get lost in the Root DSE (which contains the ForestDnsZones.ABC.com branch).

Has anyone run into this problem before?

p

----- Original Mail -----
From: "Eric Covener" <[email protected]>
To: [email protected]
Sent: Thursday 18 March 2010 18:34:18 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Subject: Re: [us...@httpd] mod_authnz_ldap AuthLDAPURL problem

On Thu, Mar 18, 2010 at 1:25 PM, <[email protected]> wrote:
> Hi,
>
> when I use the following AuthLDAPURL
>
> "ldap://adserver/ou=city1,dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))"
> NONE
>
> I can authenticate any user in "ou" city1.
>
> If I replace the AuthLDAPURL by
>
> "ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))"
> NONE
>
> I get an Apache 2.2 internal error and in the error log the following message:
>
> [debug] mod_authnz_ldap.c(379): [client xxxx] [8655] auth_ldap authenticate:
> using URL
> ldap://adserver/dc=abc,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))
> [info] [client xxxx] [8655] auth_ldap authenticate: user myusername
> authentication failed; URI /test/ [ldap_search_ext_s() for user
> failed][Operations error]
>
> When I do ldapsearch ... -b 'dc=abc,dc=com'
> '(&(objectClass=user)(!(objectClass=computer))(samaccountname=myusername)',
> the Active Directory server returns data, which seems to imply that there's
> something wrong with the mod_authnz_ldap module, or with the way I set it up
> or use it.

Can you look at the differences on the wire via e.g. wireshark? This should
make the difference in the search pretty easy to spot.

--
Eric Covener
[email protected]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
   "   from the digest: [email protected]
For additional commands, e-mail: [email protected]
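To compare the two captures mechanically, as Eric suggests, here is an added Python example (not code from the thread or from mod_authnz_ldap) that walks tethereal one-line summaries like the ones above and flags a search whose returned entries are followed by DNS lookups for an AD application partition such as ForestDnsZones, which is what a client chasing a referral from a domain-root subtree search looks like on the wire, and what the plain ldapsearch run never did. The two traces are reconstructed from the post, and the list of partition name prefixes is an assumption.

```python
import re

# Constructed sample: the two tethereal summaries from the post (one per client).
LDAPSEARCH_TRACE = """\
LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
LDAP MsgId=3 Unbind Request
"""
MOD_AUTHNZ_LDAP_TRACE = """\
LDAP MsgId=2 Search Request, Base DN=dc=abc,dc=com
LDAP MsgId=2 Search Entry, 1 result
DNS Standard query AAAA ForestDnsZones.ABC.com
DNS Standard query response
DNS Standard query AAAA ForestDnsZones.ABC.com.abc.com
DNS Standard query response, No such name
"""
# Assumption: AD application partitions whose names show up when a client
# chases the referrals that a subtree search from the domain root returns.
AD_PARTITION_HINTS = ("forestdnszones.", "domaindnszones.")

def analyse_trace(text):
    """One dict per LDAP search request: base DN, entries returned, DNS lookups
    issued before the client's next LDAP message, and a referral-chasing flag."""
    searches, current = [], None
    for line in text.splitlines():
        req = re.match(r"LDAP MsgId=(\d+) Search Request, Base DN=(.+)", line)
        entry = re.match(r"LDAP MsgId=(\d+) Search Entry, (\d+) result", line)
        dns = re.match(r"DNS Standard query (?:A|AAAA|SRV) (\S+)", line)
        if req:
            current = {"msgid": int(req.group(1)), "base_dn": req.group(2).strip(),
                       "entries": 0, "dns_lookups": [], "chases_referral": False}
            searches.append(current)
        elif current is None:
            continue
        elif entry and int(entry.group(1)) == current["msgid"]:
            current["entries"] += int(entry.group(2))
        elif line.startswith("LDAP "):
            current = None          # unbind or another request ends this search
        elif dns:
            current["dns_lookups"].append(dns.group(1))
            if dns.group(1).lower().startswith(AD_PARTITION_HINTS):
                current["chases_referral"] = True
    return searches

def clean_search(text):
    """True when every search returned entries and triggered no partition lookups."""
    return all(s["entries"] > 0 and not s["chases_referral"]
               for s in analyse_trace(text))
```

Running `clean_search` over both traces separates the ldapsearch run (clean) from the Apache run (referral lookups after a successful Search Entry), which is the difference worth taking to the mod_ldap configuration or the AD naming-context layout.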
