Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache - LDAP - Internal Server Error |
|
| Author |
|
flatcircle
Joined: 27 Jun 2006
Posts: 79
|
 Posted: Thu 10 Sep '09 11:38 Post subject: Apache - LDAP - Internal Server Error |
 |
|
I setup my Apache to authorize users by using LDAP.
Everything is working great.
However, once a week I get an Internal Server Error.
Log file entry: [ldap_search_ext_s() for user failed][Operations Error]
Restarting the Apache service doens't help, I have to reboot the server. After that everything is working again.
Don't have a clue what could be causing this?
Any ideas folks?
Regards. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Thu 10 Sep '09 11:57 Post subject: |
|
|
I have no clue. I use the alternative mod_sspi for Windows Domain user
| Code: |
<Directory "c:/httpd/html/secure">
Options All +MultiViews +ExecCGI -Indexes +Includes
AllowOverride None
Order allow,deny
Allow from all
# SSPI authentication
AuthName "Please Enter Your Username and Password"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
require valid-user
# or a NT-Securitygroup
# require group webusers
</Directory>
|
or it was
| Code: |
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain DOMAINNAME
SSPIOfferBasic On
|
I'm note sure which is the right one. It has been a while  |
|
| Back to top |
|
flatcircle
Joined: 27 Jun 2006
Posts: 79
|
| Posted: Thu 10 Sep '09 13:09 Post subject: |
|
|
Thank you for the advice. I'll check it out.
Is it possible to filter like with the LDAP module?
Example: Require ldap-filter &(mail=*@sub.domain.com)
(only allow users from a subdomain based on their email address)
Regards. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Thu 10 Sep '09 16:13 Post subject: |
|
|
FAIK there is not filter like that.
On the require of a group
Options I know
SSPIOmitDomain - set to 'on' if you want the usernames to have the domain prefix OMITTED, on = user, off = DOMAIN\\user
require valid-user # any valid user will do, useful for logging
# who accessed each file, for example
require user DOMAIN\Username # require a specific user
require group DOMAIN\Groupname # require a group member
require user "NT DOMAIN\User name" # require a user with spaces in logon id |
|
| Back to top |
|
|
|
|
|
|
