Re^3: PerlCGI + Apache ldap authentication configuration

in reply to Re^2: PerlCGI + Apache ldap authentication configuration
in thread PerlCGI + Apache ldap authentication configuration

Hmmm. In this case, my next step would be to look in the DC's event log. (Ours is configured to log failed authentication attempts, I suppose yours does this, too)

And, although the last message says "Password Mismatch", theoretically it could be a misspelt username as well, or even a wrong domain.

Comment on Re^3: PerlCGI + Apache ldap authentication configuration

Replies are listed 'Best First'.
Re^4: PerlCGI + Apache ldap authentication configuration by vinoth.ree (Monsignor) on Apr 14, 2020 at 17:51 UTC
Hi soonix, I fixed the issue. `AuthLDAPURL "LDAP://xx.xx.xxx.xx:389/OU=Accounts,OU=XX,OU=XXXX,OU=XX,D +C=DOMAIN,DC=com?sAMAccountName?sub?(&(sAMAccountName=)(objectClass=P +erson))" AuthLDAPBindDN "CN=service-account,OU=ProcessIDs,OU=Logical Secure,OU= +Core Directory Service,DC=DOMAIN,DC=com"` [download] I found that at `AuthLDAPURL` line we need to use the authenticated user's DN details + the filter information and at `AuthLDAPBindDN` line we need to put the service account's dn details. All is well. I learn by answering your questions...*	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^4: PerlCGI + Apache ldap authentication configuration
by vinoth.ree (Monsignor) on Apr 14, 2020 at 17:51 UTC

Hi soonix,

I fixed the issue.

AuthLDAPURL "LDAP://xx.xx.xxx.xx:389/OU=Accounts,OU=XX,OU=XXXX,OU=XX,D
+C=DOMAIN,DC=com?sAMAccountName?sub?(&(sAMAccountName=*)(objectClass=P
+erson))"
AuthLDAPBindDN "CN=service-account,OU=ProcessIDs,OU=Logical Secure,OU=
+Core Directory Service,DC=DOMAIN,DC=com"
[download]

I found that at AuthLDAPURL line we need to use the authenticated user's DN details + the filter information and at AuthLDAPBindDN line we need to put the service account's dn details.

All is well. I learn by answering your questions...

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom