I am trying to get my Apache2 Docker box (Ubuntu-based) to work with AD authentication, but I am getting this error message:
[Fri Nov 18 14:59:38.508164 2016] [authnz_ldap:debug] [pid 2906:tid 140020857906944] mod_authnz_ldap.c(516): [client 192.168.56.1:61467] AH01691: auth_ldap authenticate: using URL ldap://192.168.56.150/CN=Users,DC=comp,DC=local?sAMAccountName?sub?(objectClass=user)
[Fri Nov 18 14:59:38.508181 2016] [authnz_ldap:trace1] [pid 2906:tid 140020857906944] mod_authnz_ldap.c(537): [client 192.168.56.1:61467] auth_ldap authenticate: final authn filter is (&(objectClass=user)(sAMAccountName=testuser01))
[Fri Nov 18 14:59:38.508350 2016] [ldap:trace5] [pid 2906:tid 140020857906944] util_ldap.c(329): [client 192.168.56.1:61467] LDC 7f593ab9e0a0 init
[Fri Nov 18 14:59:38.548846 2016] [ldap:trace5] [pid 2906:tid 140020857906944] util_ldap.c(186): [client 192.168.56.1:61467] LDC 7f593ab9e0a0 unbind
[Fri Nov 18 14:59:38.549037 2016] [authnz_ldap:info] [pid 2906:tid 140020857906944] [client 192.168.56.1:61467] AH01695: auth_ldap authenticate: user testuser01 authentication failed; URI /repos [LDAP: ldap_start_tls_s() failed][Connect error]
[Fri Nov 18 14:59:38.549047 2016] [core:trace3] [pid 2906:tid 140020857906944] request.c(119): [client 192.168.56.1:61467] auth phase 'check user' gave status 500: /repos
[Fri Nov 18 14:59:38.549088 2016] [http:trace3] [pid 2906:tid 140020857906944] http_filters.c(1006): [client 192.168.56.1:61467] Response sent with status 500, headers:
As you can see, my AD server's IP is 192.168.56.150. TLS enforcement is enabled, and the Apache config is:
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    LogLevel trace8
    ErrorLog ${APACHE_LOG_DIR}/svn-error.log
    CustomLog ${APACHE_LOG_DIR}/svn-access.log combined
    <Location / >
        DAV svn
        SVNParentPath /var/www/svn
        SVNReposName "Subversion Repository"
        AuthBasicProvider ldap
        AuthType Basic
        AuthName "AD Authorization Realm"
        AuthLDAPURL "ldap://192.168.56.150/CN=Users,DC=comp,DC=local?sAMAccountName?sub?(objectClass=user)" STARTTLS
        AuthLDAPBindDN cn=coops,cn=users,dc=comp,dc=local
        AuthLDAPBindPassword 123456
        Require valid-user
        Require ldap-group CN=developers,CN=Users,DC=comp,DC=local
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN off
    </Location>
</VirtualHost>
LDAPTrustedMode STARTTLS
LDAPVerifyServerCert on
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/certs/caroot.crt
I can reach AD from an LDAP client.
Does anyone know why my Apache server isn't working?