
I want to accomplish LDAP authentication on my Linux machine, but can't get it working. Currently, I get the following error in the Apache log: AH01617: user john.doe: authentication failure for "/": Password Mismatch

I'm using Ubuntu 14.04 LTS, Apache 2.4.7 and OpenLDAP.

I was following these tutorials (and more, but I am not allowed to post more links): https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-a-basic-ldap-server-on-an-ubuntu-12-04-vps
http://www.openldap.org/software/release/install.html

I am using a vhost with the following settings:

<VirtualHost *:80>
  ServerName test.dd-dns.de
  DocumentRoot /var/www/vhosts/test.dd-dns.de
</VirtualHost>

<Directory /var/www/vhosts/test.dd-dns.de/>
  AllowOverride None
  Options None
  DirectoryIndex start.html

  Include conf-available/ldap-auth.conf
  AuthName "AD/LDAP Authentification Test"
  Require valid-user
</Directory>

The referenced configuration file ldap-auth.conf is as follows:

  AuthBasicProvider ldap
  AuthType Basic
  AuthLDAPGroupAttribute member
  AuthLDAPGroupAttributeIsDN On
  AuthLDAPURL "ldap://localhost/dc=my,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindPassword "somepassword12345"

I activated those modules (apart from others):

  • auth_basic.load
  • auth_digest.load
  • authnz_ldap.load

I restarted Apache several times.

I managed to issue some queries with ldapsearch and I installed phpLDAPadmin to set up all the users/settings in LDAP.

Still, I get a 401 Unauthorized status code with the Apache log entry posted above.

Do you have any hints on how to proceed?

It might be worth mentioning that I get a strange error message from apt-get: libpam-ldap:amd64 (184-8.5ubuntu3) could not read profile /usr/share/pam-configs/PaxHeaders.41249: No such file or directory at /usr/sbin/pam-auth-update line 674, line 2. Unfortunately, I could not fix that and I don't know what it means. However, phpLDAPadmin and ldapsearch work, so I am confident that LDAP Apache authentication should work, too.

I'm willing to provide additional information upon request.

Thanks in advance.

Tobias
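The search-then-bind flow that mod_authnz_ldap runs behind a configuration like the one posted above, as an added Python model that is not part of the original question: an in-memory directory stands in for OpenLDAP, and authenticate() follows Apache's three steps (bind with the configured account, or anonymously when no AuthLDAPBindDN is set; search the base DN for the login name using the attribute from the AuthLDAPURL; rebind as the entry that was found with the password the browser sent). All DNs, account names and passwords in it are constructed, and it assumes a stock slapd that permits anonymous reads; the only values taken from the question are the base DN, the username john.doe and the attribute name sAMAccountName. The constructed entries identify the user by uid (the inetOrgPerson attribute), while sAMAccountName is an Active Directory attribute, so with the posted URL the lookup fails at step 2, whereas a wrong password fails at step 3 with the Password Mismatch outcome; the model keeps those two outcomes apart the way mod_auth_basic does when it logs either a user-not-found entry or the Password Mismatch one, which helps match an Apache log line to the step that produced it.

```python
# Added example (not from the original post): a Python model of the
# search-then-bind flow that Apache's mod_authnz_ldap performs, run against
# an in-memory stand-in for OpenLDAP. All DNs, attribute values and passwords
# below are constructed; the only values taken from the question are the base
# DN, the username john.doe and the attribute name sAMAccountName.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    dn: str
    attrs: dict
    password: Optional[str] = None  # userPassword; None means the entry cannot bind


class MiniDirectory:
    """Minimal stand-in for an LDAP server: simple bind plus equality search."""

    def __init__(self, entries):
        self.entries = {e.dn.lower(): e for e in entries}

    def simple_bind(self, dn: Optional[str], password: str) -> bool:
        if dn is None:
            return True  # anonymous bind; a stock slapd allows this for reads
        entry = self.entries.get(dn.lower())
        return entry is not None and entry.password is not None and entry.password == password

    def search(self, base_dn: str, attribute: str, value: str):
        """Subtree search for entries under base_dn whose attribute equals value."""
        base = base_dn.lower()
        return [e for e in self.entries.values()
                if e.dn.lower().endswith(base) and e.attrs.get(attribute) == value]


@dataclass
class LdapAuthConfig:
    """The parts of AuthLDAPURL / AuthLDAPBindDN / AuthLDAPBindPassword that matter here."""
    base_dn: str
    attribute: str
    bind_dn: Optional[str] = None
    bind_password: str = ""


def authenticate(directory: MiniDirectory, cfg: LdapAuthConfig, username: str, password: str):
    """Return (ok, detail) following the steps mod_authnz_ldap takes for Basic auth."""
    if not password:
        # Guard against RFC 4513 unauthenticated binds, which succeed with an empty password.
        return False, "empty password rejected"
    # Step 1: bind with the configured service account (anonymously if none is set)
    if not directory.simple_bind(cfg.bind_dn, cfg.bind_password):
        return False, "search bind failed; check AuthLDAPBindDN and AuthLDAPBindPassword"
    # Step 2: find exactly one entry whose <attribute> equals the login name
    hits = directory.search(cfg.base_dn, cfg.attribute, username)
    if len(hits) != 1:
        return False, f"user not found: {len(hits)} entries match {cfg.attribute}={username}"
    # Step 3: rebind as the user's own DN with the password the browser sent
    if not directory.simple_bind(hits[0].dn, password):
        return False, "Password Mismatch"
    return True, hits[0].dn


BASE_DN = "dc=my,dc=domain,dc=com"

# Constructed directory content: an OpenLDAP inetOrgPerson entry identifies the
# user by 'uid', while 'sAMAccountName' is an Active Directory attribute.
DIRECTORY = MiniDirectory([
    Entry(BASE_DN, {"dc": "my"}),
    Entry(f"cn=apache-bind,ou=services,{BASE_DN}", {"cn": "apache-bind"}, "bind-secret-example"),
    Entry(f"uid=john.doe,ou=people,{BASE_DN}", {"uid": "john.doe", "cn": "John Doe"}, "user-secret-example"),
])

# Mirrors the posted AuthLDAPURL: attribute sAMAccountName, no AuthLDAPBindDN
QUESTION_CONFIG = LdapAuthConfig(BASE_DN, "sAMAccountName")

# Same directory, but the lookup attribute matches what the entries carry and
# the search is done with a dedicated bind account (constructed DN and password)
CORRECTED_CONFIG = LdapAuthConfig(BASE_DN, "uid",
                                  f"cn=apache-bind,ou=services,{BASE_DN}", "bind-secret-example")


if __name__ == "__main__":
    for label, cfg in (("as posted", QUESTION_CONFIG), ("corrected", CORRECTED_CONFIG)):
        for pw in ("user-secret-example", "wrong-password", ""):
            print(label, repr(pw), authenticate(DIRECTORY, cfg, "john.doe", pw))
```

Running the block prints one line per configuration and password, so the three failure kinds (search bind failure, no matching entry, rejected user bind) can be read off next to the one successful case.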

1 Answer


I suggest you first test whether the login works with ldapsearch, like this.

Here follows a simple example using the posted info; you can type the password as it will be prompted.

# -H takes the server URL and -b only the base DN (the URL form belongs in AuthLDAPURL, not here);
# -W prompts for the password of the DN given with -D, so -y is not needed.
# The posted config contains no AuthLDAPBindDN, so the DN below is a placeholder to replace.
ldapsearch -x -H ldap://localhost \
  -D "cn=BIND_DN_PLACEHOLDER,dc=my,dc=domain,dc=com" -W \
  -b "dc=my,dc=domain,dc=com" -s sub "(objectClass=*)" sAMAccountName

If it fails, verify in AD where the username you are using is stored: CN=