Hi,
I have an apache 2.2 webserver with some private content that I want to use LDAP auth of my zimbra users to authenticate. No reason for another external ldap synced to zimbra ldap for basic authentication which is all I'm after here. However, apache 2.2 keeps giving authorise denied.
Server is zimbra.mydomain.com, default domain for user accounts in mydomain.com
.htaccess for directory is very basic :
Code:
AuthName "Staff Only"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)
require valid-user
Trying to authenticate this way produces the following on zimbra server (slapd.conf:loglevel 256):
Note: IPs and domains sanitized.
Code:
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 fd=46 ACCEPT from IP=xxx.yyy.zzz.aaa:39788 (IP=aaa.bbb.ccc.ddd:389)
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 BIND dn="" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=0 RESULT tag=97 err=0 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH base="ou=people,dc=mydomain,dc=com" scope=2 deref=3 filter="(&(objectClass=organizationalPerson)(uid=jdell))"
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SRCH attr=uid
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" method=128
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 BIND dn="uid=jdell,ou=people,dc=mydomain,dc=com" mech=SIMPLE ssf=0
Jan 22 22:26:32 zimbra slapd[7931]: conn=16378 op=2 RESULT tag=97 err=0 text=
From my reading of
http://www.redhat.com/docs/manuals/d...i/6.01/log.htm, it seems that the tag=97 is a result from client bind, and err=0 means success, yet it isn't working.
Apache 2.2 logs show the following (LogLevel=debug):
Code:
[Mon Jan 22 22:51:00 2007] [debug] mod_authnz_ldap.c(849): [2525] auth_ldap url parse: `ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)'
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(858): [2525] auth_ldap url parse: Host: zimbra.mydomain.com:389
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(860): [2525] auth_ldap url parse: Port: 389
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(862): [2525] auth_ldap url parse: DN: ou=people,dc=mydomain,dc=com
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(864): [2525] auth_ldap url parse: attrib: uid
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(866): [2525] auth_ldap url parse: scope: subtree
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(871): [2525] auth_ldap url parse: filter: (objectClass=organizationalPerson)
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(951): LDAP: auth_ldap not using SSL connections
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(373): [client 69.239.134.73] [2525] auth_ldap authenticate: using URL ldap://zimbra.mydomain.com:389/ou=people,dc=mydomain,dc=com?uid?sub?(objectClass=organizationalPerson)
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(454): [client 69.239.134.73] [2525] auth_ldap authenticate: accepting jdell
[Mon Jan 22 22:26:32 2007] [debug] mod_authnz_ldap.c(826): [client 69.239.134.73] [2525] auth_ldap authorise: authorisation denied
So, I can't see anything wrong except that apache 2.2 mod_authnz_ldap doesn't like it. Any ideas?
Bugzilla
Wiki
Source
apache 2.2 mod_authnz_ldap to zimbra help? 
amazing really.... 
Thank You! 
Linear Mode
