This is a discussion on LDAP within a virtual host within the Apache Web Server forums, part of the Web Server and Related Forums category.
Hi All,
I'm trying to teach myself ldap and virtual hosting. If I set up a standard httpd.conf file with just the below in it, then the ldaps lookup is successful:

<Location "/wiki">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *******
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>

However, if I wrap it into a virtual host, I get 500 messages back from the server:

<VirtualHost *:80>
DocumentRoot /var/www/testhtml
ServerName testserv.company.local
CustomLog logs/svn_logfile "%t %{SVN-ACTION}e %u" env=SVN-ACTION
CustomLog logs/testserv_log combined

# Other directives here

<Location "/abc">
AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *****
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
#AuthzSVNAccessFile /tmp/svntest
</Location>
</VirtualHost>

In the error log I get:

[Tue Apr 08 00:14:22 2008] [warn] [client 192.168.117.1] [12209] auth_ldap authenticate: user marsh authentication failed; URI /abc [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

But a tcpdump shows that there's not even an attempt to contact our LDAP server.

I know that the VirtualHost directives are taking effect as the normal logs are written out to the testserv_log file, and it is mapping to /abc

I just don't get why the virtualhost ldaps lookup is failing...

I also tried dropping it back to ldap instead of ldaps to see if it was the SSL wrapper, but that makes no difference either.

Any ideas??

Thanks,

Adrian
OK... solved this one.

It was a stupid networking fault caused by VMware suddenly deciding not to resolve DNS. Re-pointed it and this works. However I have a separate question about LDAP/Virtual machines and SSL that I'll post separately.
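
As an added example (not part of the thread and not Apache's own code): a pre-flight check that pulls the host out of each active AuthLDAPURL and separates a name-resolution failure, which matches the "Can't contact LDAP server" error with nothing showing in tcpdump, from a TCP connect failure. The function names and the sample config, including the commented-out `old-host.example` line, are assumptions made for illustration.

```python
import re
import socket

# Constructed sample: the directive from the post, on one line as httpd reads it.
SAMPLE_CONF = '''
<Location "/abc">
    #AuthLDAPURL "ldap://old-host.example/DC=example"
    AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
</Location>
'''
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_auth_ldap_urls(conf_text):
    """Return one dict per active (uncommented) AuthLDAPURL directive."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r'\s*AuthLDAPURL\s+(?:"([^"]+)"|(\S+))', line, re.I)
        if not m:
            continue
        url = m.group(1) or m.group(2)
        u = re.match(r'(ldaps?)://([^/]*)/?(.*)$', url, re.I)
        if not u:
            continue
        scheme = u.group(1).lower()
        base, attr, scope, filt = (u.group(3).split("?") + [""] * 4)[:4]
        hosts = []
        for h in u.group(2).split():  # httpd accepts several space-separated hosts
            name, _, port = h.partition(":")
            hosts.append((name, int(port) if port else DEFAULT_PORTS[scheme]))
        found.append({"scheme": scheme, "hosts": hosts, "base": base,
                      "attribute": attr, "scope": scope, "filter": filt})
    return found

def check_host(name, port, resolver=socket.getaddrinfo,
               connect=socket.create_connection, timeout=3):
    """Classify reachability: 'dns-failure', 'connect-failure' or 'ok'."""
    try:
        infos = resolver(name, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"      # lookup failed, so no packet leaves for the LDAP server
    try:
        connect((infos[0][4][0], port), timeout=timeout).close()
    except OSError:
        return "connect-failure"  # name resolved, TCP connect did not succeed
    return "ok"

if __name__ == "__main__":
    for entry in parse_auth_ldap_urls(SAMPLE_CONF):
        for name, port in entry["hosts"]:
            print(f'{entry["scheme"]}://{name}:{port} -> {check_host(name, port)}')
```

Run it as the same user and on the same machine (or VM) as httpd, since the resolver configuration that matters is the one the web server process sees.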