我正在尝试将apache2与ldap服务器进行身份validation。 基本上我想实现,通过我的phpldapadmin GUI在LDAP中创build的用户应该能够loginApache。 现在我得到“auth_basic:error] [pid 29367] [client 122.15.156.72:26588] AH01618:用户pipe理员没有find:/”当试图从Apache与ldap用户login。
我正在使用apache 2.4.18和新版本的ldap。
我跟随了互联网上可用的许多文档进行configuration设置。
<Directory /var/www/html> AuthName "Test User Authentication" AuthType basic AllowOverRide None AuthBasicProvider ldap AuthLDAPURL "ldap://<ipaddress>/CN=admin,DC=test,DC=com?sAMAccountName?sub?(ObjectClass=*)" #AuthLDAPURL "ldap://localhost:389/dc=comcast,dc=com?sub?" #AuthLDAPBindDN "cn=admin,dc=test,dc=com" #AuthLDAPBindDN "cn=test,cn=myGroup,ou=testGroup,dc=test,dc=com" AuthLDAPBindDN "[email protected]" #AuthLDAPBindPassword "v0QDRz34sQPuT4b1Ox7YqAL8uQ05jARn" AuthLDAPBindPassword admin123 Require valid-user #require ldap-user admin test #LDAPVerifyServerCert off #AuthzLDAPAuthoritative off </Directory> # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASE dc=test,dc=com URI ldap://127.0.0.1:389 #ldap://ldap-master.example.com:666 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never loglevel -1 # TLS certificates (needed for GnuTLS) TLS_CACERT /etc/ssl/certs/ca-certificates.crt =================================================================
slapd.conf:(我在我的LDAP安装slapd.d,后来我把它改为slapd.conf)
allow bind_v2 # Schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema # Where the pid file is put. The init.d script # will not stop the server if you change this. pidfile /var/run/slapd/slapd.pid # List of arguments that were passed to the server argsfile /var/run/slapd/slapd.args # Read slapd.conf(5) for possible values loglevel -1 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_hdb sizelimit 500 tool-threads 1 backend hdb database hdb # The base of your directory in database #1 suffix "dc=test,dc=com" #cn=admin,dc=test,dc=com directive for specifying a superuser on the database. This is needed # for syncrepl. rootdn "cn=admin,dc=test,dc=com" #rootpw "v0QDRz34sQPuT4b1Ox7YqAL8uQ05jARn" rootpw "admin123" directory "/var/lib/ldap" dbconfig set_cachesize 0 2097152 0 dbconfig set_lk_max_objects 1500 # Number of locks (both requested and granted) dbconfig set_lk_max_locks 1500 # Number of lockers dbconfig set_lk_max_lockers 1500 index objectClass eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=test,dc=com" write by anonymous auth by self write by * none access to dn.base="" by * read access to * by self write by * none access to * by dn="cn=admin,dc=test,dc=com" write by * read
================================================== =================
如果我在configuration部分有任何错误,请帮忙。 我怀疑sasl方面有些变化,但我没有得到更多的细节,或者我不确定这个问题是因为那个。