我在centos上的ldap配置有问题。我必须设置一个ldap配置,允许特定用户通过web访问目录 我已经查看了其他问题并回答了这个主题,但没有找到解决方案。
这是我的ldap配置:
LDAPVerifyServerCert Off
<Location "/users">
AuthType Basic
AuthName "Authentication required"
AuthBasicProvider ldap
AuthLDAPURL ldaps://hosta/ou=People,dc=lab,dc=local?uid
AuthLDAPBindDN uid=ApacheUser,ou=ServiceUser,dc=lab,dc=local
AuthLDAPBindPassword {SSHA}KS9kGBfWdnC8NrXmFEOxzaYDNZbD2BNj
Require valid-user
</Location>
目录用户具有所有用户/组和所有者root的读访问权。
当我尝试通过webbrowser连接时,我总是收到以下错误消息:
[Sat Dec 27 12:42:11.500241 2014] [authnz_ldap:debug] [pid 2163] mod_authnz_ldap.c(501): [client 192.168.56.1:52161] AH01691: auth_ldap authenticate: using URL ldaps://hosta/dc=local,dc=lab,ou=People?uid
[Sat Dec 27 12:42:11.500415 2014] [ldap:debug] [pid 2163] util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Sat Dec 27 12:42:11.515868 2014] [authnz_ldap:info] [pid 2163] [client 192.168.56.1:52161] AH01695: auth_ldap authenticate: user joe authentication failed; URI /users/ [LDAP: ldap_simple_bind() failed][Invalid credentials]
[Sat Dec 27 12:42:11.515910 2014] [auth_basic:error] [pid 2163] [client 192.168.56.1:52161] AH01617: user joe: authentication failure for "/users/": Password Mismatch
但凭据肯定是正确的,使用了。
使用ldapsearch我收到joe的以下结果: ldapsearch -H ldaps:// hosta -D uid = ApacheUser,ou = ServiceUser,dc = lab,dc = local -b uid = joe,ou = People,dc = lab,dc = local -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <uid=joe,ou=People,dc=lab,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# joe, People, lab.local dn: uid=joe,ou=People,dc=lab,dc=local objectClass: person objectClass: inetOrgPerson objectClass:
organizationalPerson objectClass: posixAccount cn: Joe Everyman
uidNumber: 1010 gidNumber: 99 homeDirectory: /home/joe loginShell:
/bin/bash sn: Everyman givenName: Joe uid: joe userPassword::
e1NTSEF9S1M5a0dCZldkbkM4TnJYbUZFT3h6YVlETlpiRDJCTmo=
# search result search: 2 result: 0 Success
# numResponses: 2
# numEntries: 1
我希望你能给我一个提示,我的配置有什么问题。
BR 迈克尔