We Keep Coding

Ldap Authentication issues

I have install thruk 3.0 and naemon. I following the instrutions on
https://www.thruk.org/documentation/install-webserver.html
I am using ldap not active directory.
from my truck log
login failed for jprouty on /thruk/ from 10.17.74.37
my apache error logs shows
user jprouty not found: /thruk/cgi-bin/restricted.cgi
<Location /thruk/>
Options ExecCGI FollowSymLinks
AuthName "Thruk Monitoring"
AuthType Basic
#leagacy file authentication first, then ldap
AuthBasicProvider file ldap
AuthUserFile /etc/thruk/htpasswd
#ldap
AuthLDAPURL "ldap://ipa.domain.com/cn=users,cn=accounts,dc=domain,dc=com?uid?sub?(memberOf=cn=monitoring,cn=groups,cn=accounts,dc=domain,dc=com)"
AuthLDAPBindDN "uid=httpbind,cn=sysaccounts,cn=etc,dc=domain,dc=com"
AuthLDAPBindPassword "XXXXXXXX"
AuthLDAPRemoteUserAttribute uid
Require valid-user
I have tested with ldapsearch and able to connect with user/password
did a tcpdump and see the ldap sending

Integrate apache subversion with the active directory in windows server

Initially I have installed apache server 2.4 in windows server 2012 R2 and i have installed apache subversion 1.8.7 and i have copied module files(.so files) from subversion to apache server.I have created a repository. I have setup the "AuthUserFile" and "AuthzSVNAccessFile" I have given following code in httpd.conf
<Location /project1>
DAV svn
SVNPath E:\svn_testing\project1
AuthType Basic
AuthName "Subversion Project1 repository"
AuthUserFile c:/etc/svn-auth-file
Require valid-user
AuthzSVNAccessFile c:/etc/svn-acl
</Location>
I have used tortoise svn client to connect to repository which i have successfully connected I have successfully created files,commit the files.
Later i want to setup authentication with the active directory I have added following code in http.conf file
<Location /project1>
DAV svn
SVNPath E:\svn_testing\project1
SVNParentPath E:\svn_testing
SVNListparentPath on
Order allow,deny
Allow from all
AuthType Basic
AuthBasicProvider ldap
#AuthzLDAPAuthoritative off
AuthName "Active_directory_integration"
AuthzSVNAccessFile C:\etc\svn-acl
AuthLDAPURL "ldap://***********(ip address):389/DC=*******,DC=com?sAMAccountName?sub?(objectClass=*)"
#this assumes you have created a dedicated bind user "apache_bind" on your active directory
AuthLDAPBindDN "CN=Administrator,CN=users,DC=*******,DC=com"
#warning: this password for AD apache_bind user is in plain text!
AuthLDAPBindPassword *************
#AuthLDAPFollowReferrals off
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
#SSLRequireSSL
require ldap-group OU=********,DC=********,DC=com
#require valid-user
</Location>
But when i try to restart the server apache server it is showing "The Requested operation has failed" I have checked the log files but there is nothing there

It seem you are trying to search the whole AD-Catalog, as you do not specify any OU. this is not supported by Windows AD. However the whole Catalog is available by using port 3268
Please try this:
AuthLDAPURL "ldap://***********(ip address):3268/DC=*******,DC=com?sAMAccountName?sub?(objectClass=*)"

AuthLDAPGroupAttribute member
require ldap-group OU=********,DC=********,DC=com
Organizational Units (ou) dont have the attribute member, according to https://msdn.microsoft.com/en-us/library/ms683886(v=vs.85).aspx.
You should try the DN of the group you want to access your repo.
On my server this would look like this:
require ldap-group cn=thegroup,ou=groups,dc=example,dc=com
Notice the cn, which is a groupOfNames with the member attribute in my case.

apache web server - bypass ldap authentication from within network

I have below conf to allow users from within our company's network to access access the site without userid or password.
<Location />
Require valid-user
Order allow,deny
Allow from 1XX.2XX.0.0/16
Allow from 10.0.0.0/8
Allow from 127.0.0.1
Satisfy Any
AuthType Basic
AuthName "Enter your ID and password"
AuthBasicProvider ldap
Include /abc/httpd/conf/ldap_userinfo.conf
AuthLDAPGroupAttribute member
### Add application ldap-user/ldap-group below ###
Require ldap-group CN=AP-ABC-PREVIEWSITE-USERS,OU=GROUPS,OU=ABC INFRASTRUCTURE,DC=i,DC=abc,DC=com
ErrorDocument 401 "Please use correct id and password for access to this site"
</Location>
After adding, users are seeing the prompt to enter user id and password but can hit cancel and access the site. How can i suppress the prompt as well?

FOR VERIFICATION:
Some of our webservers are behind firewalls that require the LDAP port opened. By default, the active directory LDAP service listens on TCP port 389.
fm#susie112:~> telnet 192.168.100.2 389
Trying 192.168.100.2...
Connected to 192.168.100.2.
Escape character is '^]'.
^CConnection closed by foreign host.
fm#susie112:~>
For Enabling LDAP services:
fm#susie112:/home/fm # vi /etc/apache2/vhosts/myvirtualhost.conf
....
<Directory "/srv/www/ssl-root/restricted-directory">
# Basic authentication with LDAP against MS AD
AuthType Basic
AuthBasicProvider ldap
# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter
# using this format: ldap://host:port/basedn?attribute?scope?filter
AuthLDAPURL "ldap://192.168.100.1:389 192.168.100.2:389/DC=frank4dd,DC=com?sAMAccountName?sub?(objectClass=user)" NONE
# The LDAP bind username and password
AuthLDAPBindDN "ldapconnect#frank4dd.com"
AuthLDAPBindPassword "ldaps3cUr3!"
# we want to allow authentication only through LDAP, no fallback
AuthzLDAPAuthoritative on
AuthUserFile /dev/null
# The name of this authentication realm
AuthName "Restricted Dir [Domain Account]"
# To authenticate single domain users, list them here
#require ldap-user frank4dd
# to authenticate a domain group, specify the full DN
AuthLDAPGroupAttributeIsDN on
require ldap-group CN=acl_secure_exchange,OU=Global Groups,OU=User,DC=frank4dd,DC=com
...
</Directory>
For Configuration:
fm#susie112:/home/fm # vi /etc/apache2/httpd.conf.local
...
# Enable the LDAP connection pool and shared
# memory cache. Enable the LDAP cache status
# handler. Requires mod_ldap and mod_authnz_ldap
# to be loaded.
LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
# Wait x seconds before trying the next LDAP server in our list
LDAPConnectionTimeout 5
<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
# restrict access only to mgt systems
Allow from localhost 127.0.0.1 192.168.1
</Location>

.htaccess bind Apache server to ldap causes Internal server error 500

Using wamp server with apache 2.4.4
I have a directory that I want to protect with .htaccess file:
AuthBasicProvider ldap
AuthType Basic
AuthName "Authentication required "
AuthLDAPUrl "ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=admin,dc=dt,dc=mycompany,dc=local"
AuthLDAPBindPassword "password"
Require valid-user
I have AllowOverride all set in httpd.conf.
I have all LoadModule directives uncommented in httpd.conf
I can successfully create connection to the ldap using Apache Directory Studio using these BindDN and password.
I can also successfully query ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*) using Windows Explorer
EDIT:
I get the authentication window as it should be but whatever creditentials I enter I get Internal Server Error 500.
Any suggestions?

LDAP authentication apache 2.2 error 500

This is my LDAP configuration in Apache2.2.x
Order deny,allow
AuthType Basic
AuthName "Test"
AuthBasicProvider ldap
AuthLDAPURL "ldap://dc1.domain.com:389/DC=domain,DC=com?sAMAccountName" NONE
AuthLDAPBindDN "CN=Administrator,CN=Users,DC=domain,DC=com"
AuthLDAPBindPassword "secret"
authzldapauthoritative Off
require valid-user
When i load the page i get the pop up for password en username.
But when i fill them in i get an internal server error.
If i look in the error log of apache is see no new errors.
If i change my BindPassword to something wrong i get errors in my /var/log/apache2/error.log
Pulling my hair out!

Try to set "REFERRALS off" in /etc/ldap/ldap.conf.