Re: SVN, HTTPD 2.2.8 & Active Directory

on 31.03.2008 10:14:22 by Eric

UP ?

On Mar 28, 4:11 pm, Eric wrote:
> Hello all !
>
> I am trying to connect an Apache server to an Active Directory server
> - the goal is to use AD account to access a Subversion server - for
> one of my customers.
> I made a lot of tests using either mod_auth_ldap or mod_authz_ldap,
> unsuccessfully.
>
> As of now, I am in a no way road, with a huge headache :-(
>
> So here is my configuration : Fedora 8, Apache 2.2.8, mod_auth_ldap,
> mod_authz_ldap, etc.
>
> I try to add AD authentication access on a folder, let's say
> /svn/repositories/authz/
> To do so, I use the following Apache's .conf file :
> Alias /authz /svn/repositories/authz/
>
> AuthzLDAPMethod ldap
>
> AuthType Basic
> AuthName "Secure Area"
>
> AuthzLDAPAuthoritative On
> AuthzLDAPProtocolVersion 3
>
> AuthzLDAPServer server:389
> AuthzLDAPUserBase dc=domain,dc=net
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
>
> AuthzLDAPBindDN "rightu...@domain.net"
> AuthzLDAPBindPassword "secret"
>
> require valid-user
>

>
> I have a popup window asking me login/passwd but of course, it does
> not work.
> You will find hereunder Apache's error-log file and a tethereal network
> dump, taken before I type login/passwd.
>
> I succeed in doing ldap requests using ldapsearch for instance. I also
> tried phpldapadmin to check whether it is working or not.
>
> Thanks a lot for your help.
>
> Eric.
>
> Apache error_log file:
> [Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx] [15622] search
> from 'dc=domain,dc=net' for '(sAMAccountName=rightuser)' returns 1 =
> 'Operations error'
> [Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx][15622] filter:
> (sAMAccountName=rightuser) base: dc=domain,dc=net, not found
> [Fri Mar 28 16:08:18 2008] [error] [client xx.xx.xx.xx] [15622] basic
> LDAP authentication of user 'rightuser' failed
>
> tethereal -f "host ldap"
> 149.505455 myserver -> ldap LDAP bindRequest(1) simple
> 149.508430 ldap -> myserver LDAP bindResponse(1)
> 149.508445 myserver -> ldap TCP 44582 > ldap [ACK] Seq=54 Ack=23
> Win=5888 Len=0 TSV=1482383013 TSER=7533109
> 149.508581 myserver -> ldap LDAP searchRequest(2) "dc=domain,dc=net"
> wholeSubtree
> 149.509330 ldap -> myserver LDAP searchResDone(2)
> 149.518161 myserver -> ldap TCP 44584 > ldap [SYN] Seq=0 Win=5840
> Len=0 MSS=1460 TSV=1482383022 TSER=0 WS=7
> 149.520417 ldap -> myserver TCP ldap > 44584 [SYN, ACK] Seq=0 Ack=1
> Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
> 149.520435 myserver -> ldap TCP 44584 > ldap [ACK] Seq=1 Ack=1
> Win=5888 Len=0 TSV=1482383025 TSER=0
> 149.520506 myserver -> ldap LDAP bindRequest(4) simple
> 149.521243 ldap -> myserver LDAP bindResponse(4)
> 149.521259 myserver -> ldap TCP 44584 > ldap [ACK] Seq=15 Ack=23
> Win=5888 Len=0 TSV=1482383025 TSER=7533110
> 149.540201 myserver -> ldap LDAP searchRequest(3)
> "DC=ForestDnsZones,DC=domain,DC=net" wholeSubtree
> 149.540712 ldap -> myserver LDAP searchResDone(3) operationsError
> (00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection., data
> 0, vece)
> 149.540833 myserver -> ldap LDAP unbindRequest(11)
> 149.540850 myserver -> ldap TCP 44584 > ldap [FIN, ACK] Seq=123
> Ack=196 Win=6912 Len=0 TSV=1482383045 TSER=7533110
> 149.540982 myserver -> ldap LDAP unbindRequest(12)
>
> tethereal -n -x -f "host ldap"
> 16.530770 myserver -> ldap LDAP bindRequest(1) simple
>
> 16.533486 ldap -> myserver LDAP bindResponse(1)
>
> some lines after:
> 16.569809 ldap -> myserver LDAP searchResDone(7) operationsError
> (00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection., data
> 0, vece)
>