apache mod_authnz_ldap - 500 error when blank username used
5,064
I just had to add...
AuthLDAPBindAuthoritative off
I'm not 100% sure why this is. Perhaps something to do with mod_authnz_ldap passing the auth on to somewhere else? but it works.
Hope this helps someone.
Related videos on Youtube
Author by
jpgorton
Updated on September 18, 2022Comments
-
jpgorton almost 2 years
I've got Apache 2.4 running on Windows Server 2012.
I've got mod_authnz_ldap working except if users put a blank username. This results in a 500 internal server error.
this is the entry in httpd.conf for the "staff" area...
<Location "/staff"> AuthType Basic AuthName "Staff Area" LDAPReferrals Off AuthBasicProvider ldap AuthUserFile /dev/null AuthLDAPBindDN [email protected] AuthLDAPBindPassword MyPassword AuthLDAPURL "ldap://server-dc1:389/ou=DomainUsers,dc=school,dc=com,dc=au?sAMAccountName?sub" Require ldap-group cn=staff,ou=staff,ou=DomainUsers,dc=school,dc=com,dc=au </Location>
Anything obvious that I'm missing? Does anyone else use mod_authnz_ldap? Does your server not like blank usernames?
-
jpgorton over 10 yearsThe last two lines in my error.log are... [Mon Jan 20 11:41:43.965316 2014] [authnz_ldap:debug] [pid 2084:tid 956] mod_authnz_ldap.c(500): [client 10.129.201.3:51427] AH01691: auth_ldap authenticate: using URL ldap://server-dc1:389/ou=DomainUsers,dc=school,dc=com,dc=au?sAMAccountName?sub [Mon Jan 20 11:41:43.965316 2014] [authnz_ldap:info] [pid 2084:tid 956] [client 10.129.201.3:51427] AH01695: auth_ldap authenticate: user authentication failed; URI /staff/ [ldap_search_ext_s() for user failed][Filter Error]
-
-
Connor McKay almost 4 yearsI encountered this same issue, except I was using the AuthLDAPInitialBindAsUser feature, and this is fix also worked for me. Here is another post about the same error. I think it is an Apache bug, but at least this works around the issue.