Problem authenticating Apache - LDAP - Active Directory using an AD group
Hi,
Maybe someone over here can help me with this issue. I'm trying to authenticate an apache website against an Active Directory LDAP service. I already got it working properly when I want to check if a user is in a certain container in the AD. But I want to change it to using an AD group because users from other containers also need access.
I run into the problem that I can log in but I almost always get a webpage with an error message: "internal server error". After refreshing the page a lot of times I get to see the correct webpage. Then, after a couple of minutes happily clicking, the website shows an "internal server error" again. So something is going wrong, but I don't know what. It's strange cause authenticating users in a container works without any problems.
Fedora7, apache 2.2, AD windows 2003
I'm not sure it's an apache configuration error but here is my config:
Group access (this one gives me problems):
<Directory "/usr/local/nagios/sbin">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative on
AuthName "Nagios Access"
AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://ezhdc01:389/dc=elisabeth,dc=nl?sAMAccountName?sub?(objectCategory=person)"
AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl"
AuthLDAPBindPassword "**********"
Require ldap-group cn=APP_Nagios,ou=Applicaties,ou=Groups,ou=EZH,dc=elisabeth,dc=nl
#Require valid-user
#AuthLDAPGroupAttributeIsDN on
</Directory>
Users in a certain container example (this one works alright and gives me no problem):
<Directory "/usr/local/nagios/sbin">
AuthzLDAPAuthoritative on
AuthName "Nagios Access"
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
Require valid-user
AuthLDAPURL "ldap://ezhdc01:389/ou=Users,ou=admins,dc=elisabeth,dc=nl?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=sa_nagios,ou=Service Accounts,ou=admins,dc=elisabeth,dc=nl"
AuthLDAPBindPassword "***********"
</Directory>
Anyone any ideas?