it's not working and apache log files are no help.
htaccess file:
- Code: Select all
# Authentication realm and method:
AuthType Basic
AuthName "LDAP Auth"
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthBasicAuthoritative Off
# DN of Active Directory server
AuthLDAPUrl ldap://server.domain.lancs.sch.uk:389/DC=domain,DC=lancs,DC=sch,DC=uk??base?(objectClass=*)
# An account in the AD that has enough permissions to perform an LDAP search
AuthLDAPBindDN "CN=domainadminaccount,ou=admins,DC=domain,DC=lancs,DC=sch,DC=uk"
AuthLDAPBindPassword password
# When checking for group membership, use the DN of the user, not the HTTP entry
AuthLDAPGroupAttributeIsDN on
# Require groups, specifying the DN of the security group
require group CN=teachergroup,OU=teacherou,DC=domain,DC=lancs,DC=sch,DC=uk
require group CN=Domain Admins,OU=Adminsou,DC=domain,DC=lancs,DC=sch,DC=uk
apache log:
[Fri Jul 02 10:58:42 2010] [warn] [client 192.168.0.8] [6848] auth_ldap authenticate: user sophos@domain.lancs.sch.uk authentication failed; URI /wordpress/ [ldap_search_ext_s() for user failed][Operations Error]
[Fri Jul 02 10:58:42 2010] [error] [client 192.168.0.8] access to /wordpress/ failed, reason: verification of user id 'sophos@domain.lancs.sch.uk' not configured
looking at the ldap requests in wireshark
bindrequest(187) "<root>" simple
bindresponse(187) success
searchrequest (6710905) dc=domaindnszones, dc=domain, dc=lancs, dc=sch,dc=uk" wholesubtree filter: (&(objectclass=*)(uid=username@domain.etc))
searchresdone(67109056) operations error ldaperr: DSID-0c090627 in orderr to perform this op a successful bind must be completed
bindrequest(188) "<root" simple
bindresponse(188) success
searchrequest (100663488) dc=configuration, dc=domain, dc=lancs, dc=sch,dc=uk" wholesubtree filter: (&(objectclass=*)(uid=username@domain.etc))
searchresdone(100663488) operations error ldaperr: DSID-0c090627 in orderr to perform this op a successful bind must be completed
I think the problem is its not binding with the account details in the htaccess file. i have no idea why tho.