I need your help. Maybe I cannot see the failure.
Since Apache 2.2, multiple authentication providers are supported. I have a monitoring system. This system should have LDAP authentication and, as a fallback (when the service is not available), the normal file authentication.
Now I configured an LDAP user and a passwd user.
(ldap user: ldap_user)
(file user: file_user)
Apache version:
Code:
Server version: Apache/2.2.15 (Unix)
Server built: Aug 24 2015 09:46:04
Now I did a configuration:
Code:
<VirtualHost 1.1.1.1:80>
    ServerName test.example.com
    DocumentRoot "/var/www/"
    <Location /cluster>
        Require valid-user
        AuthType Basic
        AuthName "Blubb"
        AuthBasicProvider ldap file
        #AuthBasicProvider file ldap
        AuthzLDAPAuthoritative Off
        AuthLDAPURL "ldap://localhost/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub"
        #AuthLDAPURL "ldap://dc.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub"
        AuthLDAPBindDN "CN=Mr Smith,OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom"
        AuthLDAPBindPassword "Pass"
        AuthUserFile /home/xymon/server/etc/xymonpasswd
    </Location>
    LogLevel debug
    CustomLog /var/log/httpd/example.com-access.log common
    ErrorLog /var/log/httpd/example.com-error.log
</VirtualHost>
The LDAP authentication and the file authentication work fine, but both together are a problem.
When I try "AuthBasicProvider ldap file", the LDAP authentication works with the LDAP user. When I try the passwd user, I get a password mismatch in the log file.
When I try "AuthBasicProvider file ldap", the passwd user works but not the LDAP user.
When I give it a server which does not have an LDAP service (that's to simulate when the LDAP server is down), I get an internal server error and the following messages:
Code:
[Mon Oct 05 16:22:51 2015] [debug] mod_authnz_ldap.c(432): [client 1.1.1.2] [9308] auth_ldap authenticate: using URL ldap://server-without-ldap.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub
[Mon Oct 05 16:22:51 2015] [debug] mod_authnz_ldap.c(432): [client 1.1.1.2] [9308] auth_ldap authenticate: using URL ldap://server-without-ldap.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub
[Mon Oct 05 16:22:51 2015] [debug] mod_authnz_ldap.c(432): [client 1.1.1.2] [9308] auth_ldap authenticate: using URL ldap://server-without-ldap.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub
[Mon Oct 05 16:22:51 2015] [debug] mod_authnz_ldap.c(432): [client 1.1.1.2] [9308] auth_ldap authenticate: using URL ldap://server-without-ldap.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub
[Mon Oct 05 16:22:51 2015] [debug] mod_authnz_ldap.c(432): [client 1.1.1.2] [9308] auth_ldap authenticate: using URL ldap://server-without-ldap.example.com/OU=User,OU=1001,OU=Hosting,DC=mydomain,DC=dom?sAMAccountName?sub
[Mon Oct 05 16:22:51 2015] [info] [client 1.1.1.2] [9308] auth_ldap authenticate: user file_user authentication failed; URI /cluster/82P6_q_netboot.tgz [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
I hope you can help me.
Thanks,
Mordecaine
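
For reference, a simplified Python model of how mod_auth_basic in Apache 2.2 walks the AuthBasicProvider list, added here as an illustration and not part of the original post or Apache's own code. The chain moves to the next provider only when the current one reports the user as not found, so an unreachable LDAP server ends the request with a 500, as in the log above. The user stores and passwords are constructed, and the default AuthBasicAuthoritative On is assumed.

```python
# Simplified model of the mod_auth_basic (Apache 2.2) provider loop; not Apache source.
GRANTED, DENIED = "AUTH_GRANTED", "AUTH_DENIED"
USER_NOT_FOUND, GENERAL_ERROR = "AUTH_USER_NOT_FOUND", "AUTH_GENERAL_ERROR"

def make_file_provider(users):
    """Model of the file provider: lookup in an AuthUserFile-style table."""
    def check(user, password):
        if user not in users:
            return USER_NOT_FOUND
        return GRANTED if users[user] == password else DENIED
    return check

def make_ldap_provider(directory, reachable=True):
    """Model of the ldap provider; reachable=False simulates a dead LDAP server."""
    def check(user, password):
        if not reachable:
            return GENERAL_ERROR      # "Can't contact LDAP server"
        if user not in directory:
            return USER_NOT_FOUND
        return GRANTED if directory[user] == password else DENIED
    return check

def authenticate(chain, user, password):
    """Return (HTTP status, provider result) for an ordered provider chain."""
    result = USER_NOT_FOUND
    for check in chain:
        result = check(user, password)
        if result != USER_NOT_FOUND:  # only "user not found" moves to the next provider
            break
    if result == GRANTED:
        return 200, result
    if result in (DENIED, USER_NOT_FOUND):
        return 401, result
    return 500, result                # a general error is not "try the next provider"

FILE_USERS = {"file_user": "file-pw"}  # constructed sample data
LDAP_USERS = {"ldap_user": "ldap-pw"}  # constructed sample data

def scenarios():
    file_p = make_file_provider(FILE_USERS)
    ldap_up = make_ldap_provider(LDAP_USERS)
    ldap_down = make_ldap_provider(LDAP_USERS, reachable=False)
    shadowed = make_ldap_provider({"file_user": "other-pw"})  # same name, other password
    return {
        "ldap file, LDAP up": authenticate([ldap_up, file_p], "file_user", "file-pw"),
        "ldap file, LDAP down": authenticate([ldap_down, file_p], "file_user", "file-pw"),
        "file ldap, LDAP down": authenticate([file_p, ldap_down], "file_user", "file-pw"),
        "ldap file, name in both": authenticate([shadowed, file_p], "file_user", "file-pw"),
    }
```

Calling `scenarios()` returns the HTTP status and provider result for each ordering. In this model, a user name known to the first provider with a different password is denied without the second provider being consulted.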