I am trying to get Apache 2.2 on a remote Ubuntu 10.04 LTS machine to authenticate to Zimbra LDAP. Zimbra version is Release 7.0.0_GA_3077.UBUNTU10_64 UBUNTU10_64 FOSS edition.
I have ldap access set up between the two machines and I can successfully query ldap from the machine with Apache on it using the following command...
However, when I install mod_authnz_ldap and follow these instructions it never authenticates. I get the following Apache error message
ldapsearch -x -b 'ou=people,dc=onepointltd,dc=com' -H 'ldap://mail.onepointltd.com:389' -D 'uid=zimbra,cn=admins,cn=zimbra' -w somethingsecret
This is my .htaccess file...
[Thu Aug 11 08:33:20 2011] [error] [client 126.96.36.199] user simon not found: /
[Thu Aug 11 08:33:56 2011] [warn] [client 188.8.131.52]  auth_ldap authenticate: user simon authentication failed; URI / [User not found][No such object]
I have tried with and without the AuthzLDAPAuthoritative statement.
AuthName "Subversion repository"
I have tried increasing the log level of Apache to DEBUG but it still doesn't give any more information regarding the failed LDAP authentication.
The UID "simon" definitely exists. If I grep the ldapsearch output for "simon" I get,
I've tried logging in as "simon" and "simon.blandford". Same result.
# simon, people, onepointltd.com
# simon.blandford, people, onepointltd.com
I have increased the log level in /opt/zimbra/conf/log4j.properties.in on the Zimbra server to "DEBUG" for ldap and security.
Although I can see debug output go by when I tail the log for ldap. It shows no response to either a failed Apache attempt nor a successful ldapsearch query.
I have tried booting with Appamor disabled in case Apache was being blocked from accessing remote LDAP but this makes no difference.
Would appreciate any help or advice on either what the problem may be or how to get meaningful log output from somewhere.