Issue
I installed slapd (2.4.40+dfsg-1+deb8u2) recently, and I'm trying to get apache2 (2.4.10-10+deb8u7) authenticated through LDAP. The system itself is Debian (8.6).
LDAP should run on localhost on the default port, and using phpldapadmin the DN (cn=admin,dc=1000,dc=hu) seems to be OK. For apache2 authentication I use a .htaccess file, and basic authentication (htpasswd file) also works fine.
My configuration is:
AuthName "Add your login message here."
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/dc=1000,dc=hu?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=admin,dc=1000,dc=hu"
AuthLDAPBindPassword ******
require ldap-user testtest test ttest
Whatever I do, I get the "user not found" error in the apache2 logs:
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:29.272676 2017] [auth_basic:error] [pid 27767] [client 127.0.0.1:52852] AH01618: user ttest not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - ttest [21/Jan/2017:12:54:29 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:44.388323 2017] [auth_basic:error] [pid 27766] [client 127.0.0.1:52854] AH01618: user test not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - test [21/Jan/2017:12:54:44 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
==> /var/log/apache2/error.log <==
[Sat Jan 21 12:54:49.460321 2017] [auth_basic:error] [pid 27770] [client 127.0.0.1:52856] AH01618: user testtest not found: /t1/
==> /var/log/apache2/access.log <==
127.0.0.1 - testtest [21/Jan/2017:12:54:49 +0100] "GET /t1/ HTTP/1.1" 401 738 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
ttest, test and testtest are username, sn, cn in my system.
Password for AuthLDAPBindPassword is triple checked, also for the user.
Where do I make the mistake? Does the AuthLDAPURL have the right value in this scenario?
Solution
Well, in the above example the AuthLDAPURL was wrong for the described setup. It should be only:
AuthLDAPURL ldap://localhost/dc=256,dc=hu?cn?sub
Answered By - user2194805 Answer Checked By - Clifford M. (WPSolving Volunteer)
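As an added example (not part of the original question or answer, and not Apache's code): the Apache documentation describes mod_authnz_ldap as combining the attribute and filter from AuthLDAPURL with the login name, so this Python sketch parses the URL the same way, builds that filter with RFC 4515 escaping, and produces an ldapsearch command for reproducing the lookup by hand. The sample entry, `CN_URL` and all function names are constructed for illustration.

```python
from urllib.parse import unquote

def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, filling mod_authnz_ldap defaults."""
    scheme, _, rest = url.strip('"').partition("://")
    hostport, _, tail = rest.partition("/")
    base, attr, scope, flt = (unquote(f) for f in (tail.split("?") + [""] * 4)[:4])
    host, _, port = hostport.partition(":")
    default_port = "636" if scheme == "ldaps" else "389"
    return {
        "uri": "%s://%s:%s" % (scheme, host or "localhost", port or default_port),
        "base": base, "attr": attr or "uid",
        "scope": scope or "sub", "filter": flt or "(objectClass=*)",
    }

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot alter the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search_filter(cfg, username):
    """Filter used for the user lookup: (&(filter)(attribute=username))."""
    flt = cfg["filter"] if cfg["filter"].startswith("(") else "(%s)" % cfg["filter"]
    return "(&%s(%s=%s))" % (flt, cfg["attr"], escape_filter_value(username))

def ldapsearch_command(cfg, bind_dn, username):
    """Equivalent ldapsearch call; -W prompts for the bind password."""
    return ["ldapsearch", "-x", "-H", cfg["uri"], "-D", bind_dn, "-W",
            "-b", cfg["base"], "-s", cfg["scope"], search_filter(cfg, username), "dn"]

def entry_matches(entry, cfg, username):
    """Minimal local check: only the attribute=username term is evaluated."""
    values = {k.lower(): v for k, v in entry.items()}.get(cfg["attr"].lower(), [])
    return any(v.lower() == username.lower() for v in values)

# Constructed sample entry using the cn and sn values named in the question.
ENTRY = {"dn": ["cn=testtest,dc=1000,dc=hu"], "cn": ["testtest"], "sn": ["test"]}
QUESTION_URL = '"ldap://localhost:389/dc=1000,dc=hu?sAMAccountName?sub?(objectClass=*)"'
# Constructed: the question's base DN with the answer's attribute (cn).
CN_URL = "ldap://localhost:389/dc=1000,dc=hu?cn?sub"

if __name__ == "__main__":
    for url in (QUESTION_URL, CN_URL):
        cfg = parse_authldapurl(url)
        print(search_filter(cfg, "testtest"), "->", entry_matches(ENTRY, cfg, "testtest"))
    cmd = ldapsearch_command(parse_authldapurl(CN_URL), "cn=admin,dc=1000,dc=hu", "testtest")
    print(" ".join(cmd))
```

If the printed ldapsearch command returns no entry, Apache logs AH01618 for that login regardless of the password, which matches the error log in the question.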