Authentication against LDAP on Apache fails with password mismatch
I want to accomplish LDAP authentication on my Linux machine, but can't get it working. Currently, I get the following error in the Apache log: AH01617: user john.doe: authentication failure for "/": Password Mismatch
I'm using Ubuntu 14.04 LTS, Apache 2.4.7 and OpenLDAP.
I was following these tutorials (and more, but I am not allowed to post more links):
I am using a vhost with the following settings:

    <VirtualHost *:80>
        ServerName test.dd-dns.de
        DocumentRoot /var/www/vhosts/test.dd-dns.de
    </VirtualHost>
    <Directory /var/www/vhosts/>
        AllowOverride None
        Options None
        DirectoryIndex start.html
        Include conf-available/ldap-auth.conf
        AuthName "AD/LDAP Authentification Test"
        Require valid-user
    </Directory>

The referenced configuration file ldap-auth.conf is as follows:

    AuthBasicProvider ldap
    AuthType Basic
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN On
    AuthLDAPURL "ldap://localhost/dc=my,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindPassword "somepassword12345"

I activated those modules (apart from others):
- auth_basic.load
- auth_digest.load
- authnz_ldap.load
I restarted apache several times.
I managed to issue some queries with ldapsearch and I installed phpLDAPadmin to set up all the users/settings in LDAP.
Still I get a 401 Unauthorized status code with the apache log entry posted above.
Do you have any hints on how to proceed?
It might be worth mentioning that I have some strange error message in my apt-get: libpam-ldap:amd64 (184-8.5ubuntu3) could not read profile /usr/share/pam-configs/PaxHeaders.41249: No such file or directory at /usr/sbin/pam-auth-update line 674, line 2. Unfortunately, I could not fix that and I don't know what it means. However, phpLDAPadmin and ldapsearch work, so I am confident that LDAP Apache authentication should work, too.
I'm willing to provide additional information upon request.
Thanks in advance.
1 Answer
I suggest you first test whether the login works with ldapsearch, like this.
Here follows a simple example using the posted info; you can type the password as it will be prompted.

    # "<bind DN>" is a placeholder for the DN to log in as; -W prompts for its password
    ldapsearch -x -H ldap://localhost -b "dc=my,dc=domain,dc=com" -s sub -D "<bind DN>" -W "(objectClass=*)" sAMAccountName

If it fails, verify on AD where the username you are using is stored CN=
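
mod_authnz_ldap first searches the directory with a filter built from the AuthLDAPURL and the login name, then binds as the DN it found using the password the browser sent. The script below is an added example, not part of the question or the answer: it splits the AuthLDAPURL from the question into its fields and builds that search filter so the lookup can be repeated by hand. The function names are this example's own, and the second URL in the usage note is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Reproduces the search phase of
# mod_authnz_ldap for an AuthLDAPURL: ldap://host/basedn?attribute?scope?filter

# Escape a login name for use inside an LDAP filter (RFC 4515: \ * ( )).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Split the URL into the globals scheme, host, base, attr, scope and filter,
# applying the module's documented defaults for omitted fields.
parse_authldapurl() {
    scheme=${1%%://*}
    rest=${1#*://}
    host=${rest%%/*}
    case $rest in */*) q=${rest#*/} ;; *) q= ;; esac
    base=${q%%\?*};  q=${q#"$base"};  q=${q#\?}
    attr=${q%%\?*};  q=${q#"$attr"};  q=${q#\?}
    scope=${q%%\?*}; q=${q#"$scope"}; q=${q#\?}
    filter=$q
    [ -n "$attr" ] || attr=uid                      # default attribute
    [ "$scope" = one ] || scope=sub                 # only one/sub are supported
    [ -n "$filter" ] || filter='(objectClass=*)'    # default filter
    case $filter in \(*) ;; *) filter="($filter)" ;; esac
}

# Print the filter used to look up the user: (&(filter)(attribute=username))
authldap_filter() {
    parse_authldapurl "$1"
    printf '(&%s(%s=%s))\n' "$filter" "$attr" "$(ldap_escape "$2")"
}

# Run the same search with ldapsearch; 1.1 requests no attributes, so only the
# DN of each match is printed. Add -D/-W if the directory refuses anonymous search.
authldap_search() {
    f=$(authldap_filter "$1" "$2")
    parse_authldapurl "$1"
    ldapsearch -x -LLL -H "$scheme://$host" -b "$base" -s "$scope" "$f" 1.1
}
```

Calling `authldap_search` with the AuthLDAPURL and `john.doe` should print exactly one DN; no match, or more than one, means the attribute or base DN in the URL does not fit how the directory stores its users. Omitted fields fall back to the defaults, so a constructed URL such as `ldap://ldap.example.com/o=Example?uid` searches with scope `sub` and filter `(objectClass=*)`.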