
Install Apache Mod_authz_ldap

Hi, I'm having problems getting LDAP authentication to work on Apache 2.2.0 on FC5. I'm trying to use the authz_ldap module. In authz_ldap.conf, I have:

--------------------------------------------
LoadModule authz_ldap_module modules/mod_authz_ldap.so
AuthType basic
AuthName 'My AD-Secured Area'
AuthzLDAPServer my.activedirectory.ldap.server
AuthzLDAPUserBase 'ou=Users, ou=xxx, ou=xxx, dc=xxx, dc=xxx'
AuthzLDAPUserKey cn
# AuthzLDAPUserScope subtree
AuthzLDAPMethod ldapmapped
AuthzLDAPMapMethod ad
AuthzLDAPGroupBase 'ou=Groups, ou=xxx, ou=xxx, dc=xxx, dc=xxx'
AuthzLDAPGroupScope subtree
require ldap-group cn=mygroup
--------------------------------------------

First of all, look at the top section. I have to set AuthzLDAPUserBase to the exact OU where my accounts are.

Hi, LDAP is very new for me. I'm having problems getting LDAP authentication to work on Apache 2.0 on RedHat Linux. I'm trying to use the mod_authz_ldap.so module.

Mod_authz_ldap can only be installed as a dynamic shared object (DSO); the version statically linked into the Apache server is no longer supported.

Hi, I am looking at LDAP module for Apache httpd for authentication. The 'yum install' gives me 'mod_authz_ldap.i386 0:0.26-9.el5_5.1', whereas on Apache.


If I enable 'AuthzLDAPUserScope subtree', LDAP cannot find the account I'm trying to log in with. Even if I'm still pointing to the exact OU it is in, if the subtree option is uncommented, the search will fail. What's up with that? This won't work if I need to search multiple OUs in the directory.

Secondly, look at the bottom section that has the group stuff. My goal is to have only people in the 'mygroup' group to be authorized. However, ALL users are forbidden. Even users that are members of that group. I'm hoping there is just some slight tweaking that I don't know about because I'm new to Apache LDAP configuration. Some help will be greatly appreciated.

Thanks, Josh.

Actually, adding that line causes a 500 server error when the authentication is attempted.

Thing is, though, that I've got the LDAP working. It works, unless I attempt to do these two things:

(a) Use subtree to traverse the directory for a user account. I have to point to the actual OU the accounts are in.

And (b) Get authorization working based on a user group.

If I point directly to a particular OU, and do 'require valid-users' (allowing ALL authenticated users to get through), it works. But I need to authenticate users from numerous OUs, and only those in particular groups.

Thanks for everybody's further help, Josh.

My final solution was to abandon Apache v2.2 and instead utilize Apache v2.0, which has different LDAP authentication directives. With v2.0, my final config looked like this:

--------------------------------------------
AuthName 'My Secure Area'
AuthType Basic
AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthLDAPURL 'ldap://my.server.domain:389/ou=xxx, dc=xxx, dc=xxx?cn?sub?(objectClass=*)'
AuthLDAPBindDN 'AdminDN'
AuthLDAPBindPassword AdminPassword
AuthLDAPGroupAttribute member
require group CN=mygroup,OU=xxx,DC=xxx,DC=xxx
--------------------------------------------

Apache v2.0 LDAP configs use 'require group' instead of 'require ldap-group'. Furthermore, I don't know if it is a Windows/Linux thing or a v2.2/v2.0 thing, but my v2.0 deployment was on a Windows machine, and the subtree functionality worked fine, as did the 'require group' line.

This was a solution only in that I changed the platform and the version of Apache. Not many people have that option, so this may not be beneficial to many people. It has been resolved, nonetheless.
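
For readers who have to stay on Apache 2.2: its bundled mod_authnz_ldap (a different module from the third-party mod_authz_ldap in the first post) accepts nearly the same directives as the 2.0 configuration above. The following is an added example, not part of the thread and not tested against the poster's directory; the Location path, service-account DN, CA file path and password placeholder are assumptions, and ldaps on port 636 is swapped in for the thread's ldap on 389.

```apache
# Added example for Apache 2.2 mod_authnz_ldap; all DNs, paths and
# secrets below are placeholders (assumptions), not values from the thread.
LoadModule ldap_module        modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# Server-level: CA that signed the directory server's certificate, so the
# LDAPS connection is verified rather than merely encrypted.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert  On

<Location /secure>
    AuthType Basic
    AuthName "My Secure Area"
    AuthBasicProvider ldap

    # Basic auth resends the password with every request, so refuse
    # plain-HTTP access to this location (requires mod_ssl).
    SSLRequireSSL

    # Same URL shape as the 2.0 config: base DN ? attribute ? scope ? filter.
    # "sub" is the subtree search the thread needed; ldaps:// keeps the bind
    # password and the users' passwords off the wire in clear text.
    AuthLDAPURL "ldaps://my.server.domain:636/ou=xxx,dc=xxx,dc=xxx?cn?sub?(objectClass=*)"

    # Bind as a dedicated read-only service account, not an admin DN:
    # this password sits in a file the web server can read.
    AuthLDAPBindDN       "CN=svc-apache-ldap,OU=xxx,DC=xxx,DC=xxx"
    AuthLDAPBindPassword "REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"

    # Groups list their members by full DN in the "member" attribute.
    AuthLDAPGroupAttribute     member
    AuthLDAPGroupAttributeIsDN on

    # Do not fall through to other authorization modules if LDAP says no.
    AuthzLDAPAuthoritative on

    # 2.2 spelling of the 2.0 "require group" line.
    Require ldap-group CN=mygroup,OU=xxx,DC=xxx,DC=xxx
</Location>
```

Keep the file holding AuthLDAPBindPassword readable only by root and the Apache user, and check the change with `apachectl configtest` before reloading.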