Topic: In apache, what LDAP authentication mechanism is used ?

[lakshmi]

Admin Note:

Combined your four posts.

Post 1

In apache, what LDAP authentication mechanism is used?

Is this simple authentication or SASL Digest MD5, ..)?

Post 2

can LDAP SASL mechanism be specified in Apache configuration

we are able to specify only the 'authbasicprovider ldap'
ldap url, bind username and password in the apache httpd configuration file.

Can LDAP SASL (Digest MD5, GSSAPI,…) mechanism be specified in the Apache configuration during authentication?
If so, how to specify the LDAP SASL mechanism?

Post 3

Kerberos LDAP authentication in Apache

Can Apache httpd perform Kerberos LDAP authentication?

If so, Please briefly let me know the steps to configure the Apache for Kerberos authentication.

Post 4


can ldap authProvider be used with authdigest provider?

In apache httpd configuration for SVN repository,

AuthBasicProvider can be ldap, file,..

In case AuthdigestProvider is used, then ldap can be used or not?

If so, how to do the AuthDigestProvider ldap configuration?

[James Blond]

1)
Apache uses simple auth

2) apache can't do SASL by default. There are some 3rd party modules.

3) there is a 3rd party module, but that works only on linux.

4) An example config is available at http://httpd.apache.org/docs/2.4/mod/mod_ldap.html

if you still have a question please ask again

[lakshmi]

Please let me know the version of the apache, which is working fine for LDAPS.

Please let me know the configuration details too.

Thanks,
Lakshmi.S

[James Blond]

Of cause always use the last version of apache

for the config see http://www.apachelounge.com/viewtopic.php?p=7884

[lakshmi]

I am using http connection, i tried ldaps configuration as specified in the link, but i am getting the following error

[Fri Apr 24 18:49:51.904177 2015] [authz_core:debug] [pid 7264:tid 1040] mod_authz_core.c(806): [client ::1:54394] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Apr 24 18:49:51.904177 2015] [authz_core:debug] [pid 7264:tid 1040] mod_authz_core.c(806): [client ::1:54394] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Fri Apr 24 18:50:04.527440 2015] [authz_core:debug] [pid 7264:tid 1040] mod_authz_core.c(806): [client ::1:54402] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Apr 24 18:50:04.528440 2015] [authz_core:debug] [pid 7264:tid 1040] mod_authz_core.c(806): [client ::1:54402] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Fri Apr 24 18:50:04.532440 2015] [authnz_ldap:debug] [pid 7264:tid 1040] mod_authnz_ldap.c(515): [client ::1:54402] AH01691: auth_ldap authenticate: using URL ldaps://myldapurl.com:3268/?userPrincipalName?sub?(&((objectCategory=person)(objectCategory=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))
[Fri Apr 24 18:50:04.998487 2015] [ldap:error] [pid 7264:tid 1040] (70023)This function has not been implemented on this platform: AH01277: LDAP: Unable to add rebind cross reference entry. Out of memory?
[Fri Apr 24 18:50:04.998487 2015] [authnz_ldap:info] [pid 7264:tid 1040] [client ::1:54402] AH01695: auth_ldap authenticate: user name@domain.com authentication failed; URI /svn/sysdmrepo [LDAP: Unable to add rebind cross reference entry.][]