This is my LDAP configuration in Apache 2.2.x:
Order deny,allow
AuthType Basic
AuthName "Test"
AuthBasicProvider ldap
AuthLDAPURL "ldap://dc1.domain.com:389/DC=domain,DC=com?sAMAccountName" NONE
AuthLDAPBindDN "CN=Administrator,CN=Users,DC=domain,DC=com"
AuthLDAPBindPassword "secret"
authzldapauthoritative Off
require valid-user
When I load the page I get the pop-up for password and username.
But when I fill them in I get an internal server error.
If I look in the error log of Apache I see no new errors.
If I change my BindPassword to something wrong I get errors in my /var/log/apache2/error.log
Pulling my hair out!
Try to set "REFERRALS off" in /etc/ldap/ldap.conf.
I have installed Thruk 3.0 and Naemon. I am following the instructions on
https://www.thruk.org/documentation/install-webserver.html
I am using LDAP, not Active Directory.
From my Thruk log:
login failed for jprouty on /thruk/ from 10.17.74.37
My Apache error log shows:
user jprouty not found: /thruk/cgi-bin/restricted.cgi
<Location /thruk/>
Options ExecCGI FollowSymLinks
AuthName "Thruk Monitoring"
AuthType Basic
# legacy file authentication first, then ldap
AuthBasicProvider file ldap
AuthUserFile /etc/thruk/htpasswd
# ldap
AuthLDAPURL "ldap://ipa.domain.com/cn=users,cn=accounts,dc=domain,dc=com?uid?sub?(memberOf=cn=monitoring,cn=groups,cn=accounts,dc=domain,dc=com)"
AuthLDAPBindDN "uid=httpbind,cn=sysaccounts,cn=etc,dc=domain,dc=com"
AuthLDAPBindPassword "XXXXXXXX"
AuthLDAPRemoteUserAttribute uid
Require valid-user
</Location>
I have tested with ldapsearch and am able to connect with user/password.
I did a tcpdump and see the LDAP sending.
I've set up a Kerberos Authentication on my Apache Server (Ubuntu 16.04 LTS) with mod_auth_kerb.
The configuration is as follows:
AuthType Kerberos
AuthName "Authentication Required"
KrbAuthRealm MY.DOMAIN
Krb5KeyTab "/path/to/keytab"
KrbMethodK5Passwd On
Require valid-user
It works fine as it is.
But I want to add an authentication fallback to an .htpasswd file, in case of a Kerberos failure.
I tried the following:
AuthType Basic
AuthName "Authentication Required"
AuthBasicProvider kerberos file
KrbAuthRealm MY.DOMAIN
Krb5KeyTab "/path/to/keytab"
KrbMethodK5Passwd On
KrbAuthoritative Off
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
But I have an error when restarting:
apache2[7455]: Unknown Authn provider: kerberos
I've set my Apache LogLevel to debug but I've nothing in the log file...
My mod_auth_kerb version is 5.4-2.2.
Any ideas?
Thanks :)
Is it possible to use LDAP authentication via .htaccess with MAMP?
I think I need to include/enable the Apache-Module but I'm not sure how to do it?
Thanks for your help!
Enable it:
a2enmod authnz_ldap
a2enmod ldap
/etc/init.d/apache2 restart
In .htaccess you use:
AuthType Basic
AuthName "secured site"
AuthBasicProvider ldap
AuthLDAPUrl "ldap://server/ou=People,dc=example,dc=local"
AuthLDAPBindDN "cn=reader,dc=example,dc=local"
AuthLDAPBindPassword the_secret_one
AuthzLDAPAuthoritative Off
Require valid-user
Using wamp server with apache 2.4.4
I have a directory that I want to protect with .htaccess file:
AuthBasicProvider ldap
AuthType Basic
AuthName "Authentication required "
AuthLDAPUrl "ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=admin,dc=dt,dc=mycompany,dc=local"
AuthLDAPBindPassword "password"
Require valid-user
I have AllowOverride all set in httpd.conf.
I have all LoadModule directives uncommented in httpd.conf
I can successfully create connection to the ldap using Apache Directory Studio using these BindDN and password.
I can also successfully query ldap://myldap:389/ou=p1,dc=dt,dc=mycompany,dc=local?uid?sub?(objectClass=*) using Windows Explorer
EDIT:
I get the authentication window as it should be, but whatever credentials I enter I get Internal Server Error 500.
Any suggestions?
I want to make a web directory protected by htaccess so that LDAP users in certain OUs can access it.
I've googled all day and I couldn't make it happen. I'm using Apache 2.2 on Ubuntu Server 10.04 LTS. Here is my htaccess:
AuthType Basic
AuthName "LOGIN"
AuthUserFile /dev/null
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://SERVER_IP/ou=users,dc=domain,dc=TLD,dc=ccTLD?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=user,dc=domain,dc=TLD,dc=ccTLD"
AuthLDAPBindPassword passwd
#I've tried all of below:
#Require valid-user # This works just fine. But I don't want everyone to be able to log in.
#Require ldap-group ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD # Tried this one and failed.
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD) # tried this one and also failed.
Thank you very much.
I found the problem. You shouldn't use brackets around the ldap-filter attribute.
This:
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD)
Should be like this:
Require ldap-filter ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD
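Why the brackets break the search, as an added example (not code from the posts above or from Apache): the mod_authnz_ldap documentation describes the search filter as the combination (&(filter)(attribute=username)), so a Require ldap-filter value that already carries outer brackets ends up doubly wrapped. Applying that model to Require ldap-filter is an assumption here, the helper names compose_filter, escape_value and is_valid_filter are hypothetical, and the user "alice" is constructed. The check is structural only and says nothing about which entries a filter matches.

```python
import re

# One simple item: attr, operator, then a value with no raw parens or backslashes.
ITEM = re.compile(r"[A-Za-z][A-Za-z0-9;.-]*(?:=|~=|>=|<=)(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")

def escape_value(value):
    """RFC 4515 escaping so client-supplied text stays inside one assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def compose_filter(require_filter, attribute, user):
    """Assumed model of the search filter: (&(filter)(attribute=username))."""
    return "(&(%s)(%s=%s))" % (require_filter, attribute, escape_value(user))

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return the index after it, or -1."""
    if i >= len(s) or s[i] != "(":
        return -1
    i += 1
    if i < len(s) and s[i] in "&|":
        i, count = i + 1, 0
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
            if i < 0:
                return -1
            count += 1
        if count == 0:
            return -1
    elif i < len(s) and s[i] == "!":
        i = _parse(s, i + 1)
        if i < 0:
            return -1
    else:
        m = ITEM.match(s, i)
        if not m:
            return -1
        i = m.end()
    return i + 1 if i < len(s) and s[i] == ")" else -1

def is_valid_filter(s):
    """Structural check only; it does not say whether the filter matches anything."""
    return _parse(s, 0) == len(s)

if __name__ == "__main__":
    ou = "ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD"  # value from the post
    for req in ("(" + ou + ")", ou):
        combined = compose_filter(req, "uid", "alice")  # "alice" is a constructed user
        print(is_valid_filter(combined), combined)
```

Run directly, it prints the combined filter for the bracketed and unbracketed forms with a validity flag for each.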