我认为我的 .conf 文件设置正确,但似乎无法验证密码。我知道密码正确,因为我已经用它登录了。查看 Apache 日志,Apache 似乎能够查询 LDAP 服务器,但无法匹配密码。
[Wed Feb 10 10:51:53 2010] [debug] mod_authnz_ldap.c(377): [client 10.0.x.x] [1544] auth_ldap authenticate: using URL ldap://ldapserver:389/DC=corp,DC=example,DC=net
[Wed Feb 10 10:51:53 2010] [warn] [client 10.0.x.x] [1544] auth_ldap authenticate: user jdoe authentication failed; URI /sitejunk [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Wed Feb 10 10:51:53 2010] [error] [client 10.0.x.x] user jdoe: authentication failure for "/sitejunk": Password Mismatch
httpd.conf 如下所示:
<Location /sitejunk>
AuthLDAPURL "ldap://ldapserver:389/OU=Operations Support,OU=Distribution Lists,OU=Groups,OU=New Structure,DC=corp,DC=example,DC=net?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "cn=John Doe,OU=Operations Support,OU=Distribution Lists,OU=Groups,OU=New Structure,DC=corp,DC=example,DC=net"
AuthLDAPBindPassword "password"
AuthType Basic
AuthBasicProvider ldap
AuthName "Please provide your windows logon credentials to continue."
require valid-user
</Location>
答案1
看起来我尝试使用了错误的 DN。我以为树顺序是这样的CN=John Doe,OU=Operations Support,OU=Distribution Lists...
,但实际上却是CN=John Doe,OU=User Accounts...
。所以,我真的不知道 AD 结构。