SVN, HTTPD 2.2.8 & Active Directory

Eric

Mar 28, 2008, 11:11:50 AM
Hello all !

I am trying to connect an Apache server to an Active Directory server
- the goal is to use AD account to access a Subversion server - for
one of my customers.
I made a lot of tests using either mod_auth_ldap or mod_authz_ldap,
unsuccessfully.

As of now, I am in a no way road, with a huge headache :-(

So here is my configuration : Fedora 8, Apache 2.2.8, mod_auth_ldap,
mod_authz_ldap, etc.

I try to add AD authentication access on a folder, let's say
/svn/repositories/authz/
To do so, I use the following Apache's .conf file :
Alias /authz /svn/repositories/authz/
<Directory /svn/repositories/authz/>
AuthzLDAPMethod ldap

AuthType Basic
AuthName "Secure Area"

AuthzLDAPAuthoritative On
AuthzLDAPProtocolVersion 3

AuthzLDAPServer server:389
AuthzLDAPUserBase dc=domain,dc=net
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserScope subtree

AuthzLDAPBindDN "righ...@domain.net"
AuthzLDAPBindPassword "secret"

require valid-user
</Directory>

I have a popup window asking me login/passwd but of course, it does
not work.
You will find hereunder Apache's error-log file, a tethereal network
dump, taken before I type login/passwd.

I succeed in doing ldap requests using ldapsearch for instance. I also
try phpldapadmin to check whether it is working or not.

Thanks a lot for your help.

Eric.

Apache error_log file:
[Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx] [15622] search
from 'dc=domain,dc=net' for '(sAMAccountName=rightuser)' returns 1 =
'Operations error'
[Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx][15622] filter:
(sAMAccountName=rightuser) base: dc=domain,dc=net, not found
[Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx] [15622] basic
LDAP authentication of user 'rightuser' failed

tethereal -f "host ldap"
149.505455 myserver -> ldap LDAP bindRequest(1) simple
149.508430 ldap -> myserver LDAP bindResponse(1)
149.508445 myserver -> ldap TCP 44582 > ldap [ACK] Seq=54 Ack=23
Win=5888 Len=0 TSV=1482383013 TSER=7533109
149.508581 myserver -> ldap LDAP searchRequest(2) "dc=domain,dc=net"
wholeSubtree
149.509330 ldap -> myserver LDAP searchResDone(2)
149.518161 myserver -> ldap TCP 44584 > ldap [SYN] Seq=0 Win=5840
Len=0 MSS=1460 TSV=1482383022 TSER=0 WS=7
149.520417 ldap -> myserver TCP ldap > 44584 [SYN, ACK] Seq=0 Ack=1
Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
149.520435 myserver -> ldap TCP 44584 > ldap [ACK] Seq=1 Ack=1
Win=5888 Len=0 TSV=1482383025 TSER=0
149.520506 myserver -> ldap LDAP bindRequest(4) simple
149.521243 ldap -> myserver LDAP bindResponse(4)
149.521259 myserver -> ldap TCP 44584 > ldap [ACK] Seq=15 Ack=23
Win=5888 Len=0 TSV=1482383025 TSER=7533110
149.540201 myserver -> ldap LDAP searchRequest(3)
"DC=ForestDnsZones,DC=domain,DC=net" wholeSubtree
149.540712 ldap -> myserver LDAP searchResDone(3) operationsError
(00000000: LdapErr: DSID-0C090627, comment: In order to perform this
operation a successful bind must be completed on the connection., data
0, vece)
149.540833 myserver -> ldap LDAP unbindRequest(11)
149.540850 myserver -> ldap TCP 44584 > ldap [FIN, ACK] Seq=123
Ack=196 Win=6912 Len=0 TSV=1482383045 TSER=7533110
149.540982 myserver -> ldap LDAP unbindRequest(12)

tethereal -n -x -f "host ldap"
16.530770 myserver -> ldap LDAP bindRequest(1) simple

16.533486 ldap -> myserver LDAP bindResponse(1)

some lines after:
16.569809 ldap -> myserver LDAP searchResDone(7) operationsError
(00000000: LdapErr: DSID-0C090627, comment: In order to perform this
operation a successful bind must be completed on the connection., data
0, vece)

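
A triage sketch for the capture above, added here and not part of Eric's post: it pairs each searchRequest with its searchResDone by message ID and reports which search base came back with an error, compared against the AuthzLDAPUserBase from the configuration. The sample is the post's LDAP summary lines unwrapped to one packet per line; the function name and the convention that a searchResDone with no result text is not an error are assumptions.

```python
import re

# Constructed sample: the LDAP summary lines from the capture in the post,
# unwrapped to one packet per line (TCP-only lines dropped).
CAPTURE = """\
149.505455 myserver -> ldap LDAP bindRequest(1) simple
149.508430 ldap -> myserver LDAP bindResponse(1)
149.508581 myserver -> ldap LDAP searchRequest(2) "dc=domain,dc=net" wholeSubtree
149.509330 ldap -> myserver LDAP searchResDone(2)
149.520506 myserver -> ldap LDAP bindRequest(4) simple
149.521243 ldap -> myserver LDAP bindResponse(4)
149.540201 myserver -> ldap LDAP searchRequest(3) "DC=ForestDnsZones,DC=domain,DC=net" wholeSubtree
149.540712 ldap -> myserver LDAP searchResDone(3) operationsError (00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece)
"""

# time, source, "->", destination, "LDAP", operation(messageID), remainder
LINE = re.compile(r'^\S+ \S+ -> \S+ LDAP (\w+)\((\d+)\)\s*(.*)$')

def failed_searches(capture, configured_base):
    """Return the searches whose searchResDone carries an error name.

    Assumption: message IDs do not collide across connections within the
    sample (the summary lines carry no port numbers to separate them).
    """
    pending, failures = {}, []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an LDAP summary line
        op, msgid, rest = m.group(1), int(m.group(2)), m.group(3)
        if op == "searchRequest":
            base = re.match(r'"([^"]*)"', rest)
            pending[msgid] = base.group(1) if base else ""
        elif op == "searchResDone" and msgid in pending:
            base = pending.pop(msgid)
            result = rest.split(" ", 1)[0] if rest else ""
            if result:  # assumption: empty result text means no error
                failures.append({
                    "msgid": msgid,
                    "base": base,
                    "result": result,
                    # DN comparison is case-insensitive
                    "is_configured_base": base.lower() == configured_base.lower(),
                })
    return failures

if __name__ == "__main__":
    for failure in failed_searches(CAPTURE, "dc=domain,dc=net"):
        print(failure)
```

On this capture the only search reported is the one against DC=ForestDnsZones,DC=domain,DC=net, which is not the base set in AuthzLDAPUserBase.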

Eric

Mar 31, 2008, 4:14:22 AM
UP ?

On Mar 28, 4:11 pm, Eric <eric...@gmail.com> wrote:
> Hello all !
>
> I am trying to connect an Apache server to an Active Directory server
> - the goal is to use AD account to access a Subversion server - for
> one of my customers.
> I made a lot of tests using either mod_auth_ldap or mod_authz_ldap,
> unsuccessfully.
>
> As of now, I am in a no way road, with a huge headache :-(
>
> So here is my configuration : Fedora 8, Apache 2.2.8, mod_auth_ldap,
> mod_authz_ldap, etc.
>
> I try to add AD authentication access on a folder, let's say
> /svn/repositories/authz/
> To do so, I use the following Apache's .conf file :
> Alias /authz /svn/repositories/authz/
> <Directory /svn/repositories/authz/>
> AuthzLDAPMethod ldap
>
> AuthType Basic
> AuthName "Secure Area"
>
> AuthzLDAPAuthoritative On
> AuthzLDAPProtocolVersion 3
>
> AuthzLDAPServer server:389
> AuthzLDAPUserBase dc=domain,dc=net
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
>
> AuthzLDAPBindDN "rightu...@domain.net"