[Freeipa-users] Re: mod_authz_ldap authentication against ipa
Simo Sorce
ssorce at redhat.com
Tue Oct 14 11:08:21 UTC 2008
On Tue, 2008-10-14 at 02:44 +0300, Ivan Levchenko wrote:
> On Tue, Oct 14, 2008 at 12:47 AM, Ivan Levchenko <levchenko.i at gmail.com> wrote:
> > HI,
> >
> > I'm trying to setup apache authentication via mod_authz_ldap, but it
> > i'm having some problems with it.
> > i've setup apache as per
> > http://directory.fedoraproject.org/wiki/Howto:Apache, changed the
> > AuthzLDAPUserBase directive to
> > cn=users,cn=accounts,dc=example,dc=com, but its not authenticating...
> >
> > after reading the docs for mod_authz_ldap, it says:
> > The password is verified by binding to the directory as the user whose
> > distinguished name was found in the previous step, with the password
> > from the login dialog.
> >
> > I've tried to connect to the ldap server using a reguler user created
> > via the web interface and i was not able to.
> >
> > am i doing something wrong, or is it not possible to authenticate
> > against ldap and i should only use kerberos?
> >
> > thanks in advance.
> > --
> >
> > Best Regards,
> >
> > Ivan Levchenko
> > levchenko.i at gmail.com
> >
>
> another thing...
>
> trying to use authentication when doing a regular ldapsearch:
>
> ldapsearch -v -x -W -h master.example.com -D
> "uid=ivan,cn=users,cn=accounts,dc=example,dc=com" -b
> "cn=users,cn=accounts,dc=example,dc=com" uid=ivan
> ldap_initialize( ldap://master.example.com )
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> ... a bit lost why it isn't authenticating....
Kerberos auth is the recommended one. Tho simple auth should work too.
Simo.
More information about the Freeipa-users
mailing list