Thread: [SOLVED] Can I (really) authenticate .htaccess with ldap?

  1. #1
    goldie113 is offline Member
    Join Date
    Nov 2008
    Posts
    11
    Rep Power
    6

    Default [SOLVED] Can I (really) authenticate .htaccess with ldap?

    I am using mod_authnz_ldap on an Apache web server, trying to authenticate against Zimbra's LDAP. I have read all the posts and wikis; what am I doing wrong? When I enter my credentials in the prompt, I get the error below: user id not configured. I turned LDAP logging on and it doesn't log anything (like no attempt is being made).

    AuthType Basic
    AuthName Internal
    AuthBasicProvider ldap
    AuthLDAPURL ldap://75.XXX.XXX.XXX/ou=people,dc=midchurch,dc=com
    require valid-user



    error_log

    [Wed Nov 19 11:07:35 2008] [error] [client 12.196.129.66] access to /members failed, reason: verification of user id 'goldie113' not configured

  2. #2
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    What does the LDAP log show? You don't really give much detail in the way of configuration, so there's really not much feedback I can give, except that it probably should work if configured correctly.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #3
    goldie113 is offline Member
    Join Date
    Nov 2008
    Posts
    11
    Rep Power
    6

    Quote Originally Posted by quanah View Post
    What does the LDAP log show? You don't really give much detail in the way of configuration, so there's really not much feedback I can give, except that it probably should work if configured correctly.

    The LDAP log doesn't show anything; that's the problem. It seems there is no attempt to authenticate to the LDAP. I can access the LDAP with LDAP Admin, so what is keeping me from getting to it? It is not a firewall issue, for they (web and mail server) are on the private side of any firewall. What configuration info will you need?

    Should there be entries made in the httpd.conf file pertaining to allow/deny/override, things along those lines?
    Last edited by goldie113; 11-20-2008 at 01:45 PM.

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,276
    Rep Power
    10

    Quote Originally Posted by goldie113 View Post
    AuthLDAPURL ldap://75.XXX.XXX.XXX/ou=people,dc=midchurch,dc=com
    This doesn't look quite right, actually. Have you read the page on how this is formed?

    authldapurl doc

    I would guess it should be something more like:
    Code:
    AuthLDAPURL ldap://75.XXX.XXX.XXX:389/ou=people,dc=midchurch,dc=com?uid?sub?(objectClass=zimbraAccount)
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration
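
An added example, not part of any post in this thread: a small Python parser for the `scheme://host:port/basedn?attribute?scope?filter` layout discussed above, filling in the defaults that the mod_authnz_ldap documentation gives (attribute `uid`, scope `sub`, filter `(objectClass=*)`) and showing the combined `(&(filter)(attribute=username))` search that results. The function names are hypothetical, and the RFC 4515 escaping is an illustration rather than Apache's own code.

```python
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_authldapurl(value):
    """Split scheme://host:port/basedn?attribute?scope?filter, filling in defaults."""
    scheme, sep, rest = value.strip().strip('"').partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # At most three '?' separators: basedn, attribute, scope, filter.
    fields = tail.split("?", 3)
    fields += [""] * (4 - len(fields))
    basedn, attribute, scope, ldap_filter = fields
    scope = scope or "sub"
    if scope not in ("one", "sub"):
        raise ValueError("scope must be 'one' or 'sub'")
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "basedn": basedn,
        "attribute": attribute or "uid",
        "scope": scope,
        "filter": ldap_filter or "(objectClass=*)",
        # Plain ldap:// carries the bind and user passwords unencrypted
        # unless STARTTLS is configured separately.
        "cleartext": scheme == "ldap",
    }

def escape_filter_value(value):
    """RFC 4515 escaping so a typed username cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_search_filter(cfg, username):
    """Combine the URL filter with attribute=username, as the docs describe."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]  # drop one outer pair before re-wrapping
    return "(&(%s)(%s=%s))" % (inner, cfg["attribute"], escape_filter_value(username))

if __name__ == "__main__":
    # The two URL forms quoted in this thread (host masked as on the page).
    for url in (
        "ldap://75.XXX.XXX.XXX/ou=people,dc=midchurch,dc=com",
        "ldap://75.XXX.XXX.XXX:389/ou=people,dc=midchurch,dc=com?uid?sub?(objectClass=zimbraAccount)",
    ):
        cfg = parse_authldapurl(url)
        print(cfg["host"], cfg["port"], build_search_filter(cfg, "goldie113"))
```

Both forms resolve to the same host, port, base DN, attribute and scope; the longer one only narrows the search to entries with `objectClass=zimbraAccount`.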

  5. #5
    goldie113 is offline Member
    Join Date
    Nov 2008
    Posts
    11
    Rep Power
    6

    I have tried that line and just about every different form with every different attribute on that line. It acts as though it doesn't know to access that LDAP.

  6. #6
    gnyce is offline Advanced Member
    Join Date
    Aug 2007
    Location
    outside Philadelphia
    Posts
    214
    Rep Power
    8

    Here is what seems to work for me.... you will have to test whether you need an actual account to login/bind with, or if anonymous bind is ok... I disremember, it has been awhile since I did this


    AuthType Basic
    Authname "Trac Login"
    AuthBasicProvider "ldap"
    AuthLDAPURL "ldap://10.0.0.5/ou=people,dc=OUR_DOMAIN,dc=com?uid?sub?(objectClass=organizationalPerson)"
    AuthLDAPBindDN uid=USERNAME,ou=people,dc=OUR_DOMAIN,dc=com
    AuthLDAPBindPassword PASSWORDHERE
    authzldapauthoritative Off
    require valid-user
    </Location>
    Last edited by gnyce; 11-21-2008 at 10:01 AM. Reason: fixed typo, missing ( and a space in the last s of objectClass

  7. #7
    gnyce is offline Advanced Member
    Join Date
    Aug 2007
    Location
    outside Philadelphia
    Posts
    214
    Rep Power
    8

    not sure why, but it is displaying a space in objectClas s... should be objectClass

  8. #8
    goldie113 is offline Member
    Join Date
    Nov 2008
    Posts
    11
    Rep Power
    6

    gnyce, thanks so much, your .htaccess also works for me! You have taken such a monkey off my back!

  9. #9
    Jesster's Avatar
    Jesster is offline Trained Alumni
    Join Date
    Nov 2007
    Location
    Santa Barbara, CA.
    Posts
    109
    Rep Power
    7

    Quote Originally Posted by gnyce View Post
    Here is what seems to work for me.... you will have to test whether you need an actual account to login/bind with, or if anonymous bind is ok... I disremember, it has been awhile since I did this
    </Location>
    Is there any way to also filter the approved users via LDAP?

    Maybe something like "and is also a member of staff@example.org distribution list" ?

    I played with this awhile ago using ldapsearch tool but couldn't figure it out. Here's what I had, but it's not correct:

    Code:
    ldapsearch -LLL -x -h zldap.example.org -D cn=config -w password -b '' '(&(zimbraMailForwardingAddress=$USERNAME@$DOMAIN)(zimbraMailAlias=staff@example.org)(objectClass=zimbraDistributionList)(zimbraMailStatus=enabled))'
