Hi,
I have an Apache 2.2 web server with some private content, and I want to use LDAP auth against my Zimbra users to authenticate. There is no reason for another external LDAP synced to the Zimbra LDAP for basic authentication, which is all I'm after here. However, Apache 2.2 keeps giving "authorisation denied".
Server is zimbra.mydomain.com, default domain for user accounts in mydomain.com
The .htaccess for the directory is very basic:
Code:
AuthName "Staff Only"
AuthType Basic
AuthBasicProvider ldap
# host:port/search-base?attribute-matched-against-the-username?scope?filter
AuthLDAPURL ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)
Require valid-user
Trying to authenticate this way produces the following on the Zimbra server (slapd.conf: loglevel 256):
Note: IPs and domains sanitized.
Code:
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 fd=46 ACCEPT from IP=xxx.yyy.zzz.aaa:39788 (IP=aaa.bbb.ccc.ddd:389)
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 BIND dn="" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 RESULT tag=97 err=0 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH base="ou=people,dc=mydomain,dc=com" scope=2 deref=3 filter="(&(objectClass=organizationalPerson)(uid=jdell))"
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH attr=uid
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 RESULT tag=97 err=0 text=
From my reading of http://www.redhat.com/docs/manuals/d...i/6.01/log.htm, it seems that tag=97 is the result of a client bind and err=0 means success, yet it isn't working.
Apache 2.2 logs show the following (LogLevel debug):
Code:
[Mon Jan 22 22:51:00 2007] [debug] mod_authnz_ldap.c(849): [2525] auth_ldap url parse: `ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)'
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(858): [2525] auth_ldap url parse: Host: zimbra.mydomain.com:389
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(860): [2525] auth_ldap url parse: Port: 389
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(862): [2525] auth_ldap url parse: DN: ou=people,dc=mydomain,dc=com
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(864): [2525] auth_ldap url parse: attrib: uid
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(866): [2525] auth_ldap url parse: scope: subtree
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(871): [2525] auth_ldap url parse: filter: (objectClass=organizationalPerson)
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(373): [client 69.239.134.73] [2525] auth_ldap authenticate: using URL ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(454): [client 69.239.134.73] [2525] auth_ldap authenticate: accepting jdell
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(826): [client 69.239.134.73] [2525] auth_ldap authorise: authorisation denied
So, I can't see anything wrong, except that Apache 2.2 mod_authnz_ldap doesn't like it. Any ideas?
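The two logs in the post are worth reading side by side. The slapd lines show the sequence mod_authnz_ldap runs: an anonymous bind (dn=""), a subtree search combining the configured filter with (uid=jdell) that returns one entry, then a SIMPLE bind as the DN it found, all with err=0. The Apache lines then show the same request passing "auth_ldap authenticate: accepting jdell" and failing only at "auth_ldap authorise: authorisation denied", i.e. the credentials are fine and it is the evaluation of the Require line that fails. One caveat a practitioner would want: "mech=SIMPLE ssf=0" together with "auth_ldap not using SSL connections" means the user's password crosses the network in the clear on port 389. The script below is an added example, not code from the post, Apache or Zimbra; it parses both logs and reports those facts. The log lines inside it are constructed: conn=16378 is the post's connection with made-up IPs, conn=16379 is an invented second attempt with a wrong password (err=49) so the failure path is visible too.

```python
"""Reconstruct an HTTP Basic login against LDAP from slapd (loglevel 256)
and Apache mod_authnz_ldap debug output.  Added example, not from the post."""
import re
from collections import defaultdict

# Names for the LDAP result codes slapd logs as err=N.
LDAP_ERR = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
            50: "insufficientAccessRights", 53: "unwillingToPerform"}

_OP = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$")
_BIND = re.compile(r'BIND dn="(?P<dn>[^"]*)"(?: method=\d+)?'
                   r'(?: mech=(?P<mech>\S+) ssf=(?P<ssf>\d+))?')
_SRCH = re.compile(r'SRCH base="(?P<base>[^"]*)" scope=\d deref=\d filter="(?P<filter>.*)"')
_RESULT = re.compile(r"(?:SEARCH )?RESULT tag=(?P<tag>\d+) err=(?P<err>\d+)(?: nentries=(?P<n>\d+))?")
_ACCEPT = re.compile(r"auth_ldap authenticate: accepting (\S+)")
_DENY = re.compile(r"auth_ldap authorise: authorisation denied")

# Constructed sample: conn=16378 follows the post (IPs made up); conn=16379 is
# an invented second attempt with a wrong password (err=49).
SLAPD_LOG = """\
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 fd=46 ACCEPT from IP=10.0.0.5:39788 (IP=10.0.0.9:389)
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 BIND dn="" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 RESULT tag=97 err=0 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH base="ou=people,dc=mydomain,dc=com" scope=2 deref=3 filter="(&(objectClass=organizationalPerson)(uid=jdell))"
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH attr=uid
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 RESULT tag=97 err=0 text=
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=0 BIND dn="" method=128
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=0 RESULT tag=97 err=0 text=
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=1 SRCH base="ou=people,dc=mydomain,dc=com" scope=2 deref=3 filter="(&(objectClass=organizationalPerson)(uid=jdell))"
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Jan 22 22:27:10 zimbra slapd[7931]: conn=16379 op=2 RESULT tag=97 err=49 text=
"""

# Constructed sample: the two decisive Apache debug lines from the post.
APACHE_LOG = """\
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(454): [client 10.0.0.7] [2525] auth_ldap authenticate: accepting jdell
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(826): [client 10.0.0.7] [2525] auth_ldap authorise: authorisation denied
"""

def parse_slapd(text):
    """Group slapd lines by connection and operation number."""
    conns = defaultdict(dict)
    for line in text.splitlines():
        m = _OP.search(line)
        if not m:                                   # ACCEPT/closed: no op number
            continue
        rec = conns[int(m["conn"])].setdefault(int(m["op"]), {})
        rest = m["rest"]
        if (b := _BIND.match(rest)):
            rec.update(kind="BIND", dn=b["dn"])
            if b["ssf"] is not None:                # second BIND line carries mech/ssf
                rec.update(mech=b["mech"], ssf=int(b["ssf"]))
        elif (s := _SRCH.match(rest)):
            uid = re.search(r"\(uid=([^)]+)\)", s["filter"])
            rec.update(kind="SRCH", uid=uid.group(1) if uid else None)
        elif (r := _RESULT.match(rest)):
            rec.update(err=int(r["err"]))
            if r["n"] is not None:
                rec["nentries"] = int(r["n"])
    return conns

def explain_auth(conns):
    """Per connection, recover mod_authnz_ldap's sequence: (anonymous) bind ->
    search for the uid -> bind as the DN found, and whether that bind succeeded."""
    out = {}
    for conn, ops in conns.items():
        binds = [o for o in ops.values() if o.get("kind") == "BIND"]
        search = next((o for o in ops.values() if o.get("kind") == "SRCH"), {})
        user = next((b for b in binds if b["dn"]), {})
        out[conn] = {
            "anonymous_search_bind": any(b["dn"] == "" for b in binds),
            "uid": search.get("uid"),
            "entries_found": search.get("nentries"),
            "user_dn": user.get("dn"),
            "user_bind": LDAP_ERR.get(user.get("err"), user.get("err")),
            # SIMPLE bind with ssf=0: the password crossed the wire unencrypted.
            "cleartext_password": user.get("mech") == "SIMPLE" and user.get("ssf") == 0,
        }
    return out

def apache_phase(text):
    """Separate the authenticate phase (credentials) from the authorise phase
    (the Require line) in mod_authnz_ldap debug output."""
    user = next((m.group(1) for m in map(_ACCEPT.search, text.splitlines()) if m), None)
    denied = _DENY.search(text) is not None
    if user is None:
        return {"user": None, "failed_phase": "authenticate"}
    return {"user": user, "failed_phase": "authorise" if denied else None}

if __name__ == "__main__":
    for conn, info in explain_auth(parse_slapd(SLAPD_LOG)).items():
        print(conn, info)
    print(apache_phase(APACHE_LOG))
```

Run it as-is to see the breakdown for the sample, or feed it your own slapd and error_log excerpts. If "cleartext_password" comes back True for a connection, consider switching the AuthLDAPURL to ldaps:// (or STARTTLS) before exposing the login to anything beyond a trusted network.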