[已解决]使用 apache 2.4 进行 LDAP 身份验证时发生内部错误 500

[已解决]使用 apache 2.4 进行 LDAP 身份验证时发生内部错误 500

我有一台配置了 SVN 服务器的 CentOS 7 服务器,还有另一台装有 LDAP 的 Windows Server 2012R2,我将其用作域控制器。我可以使用 ldapsearch 与 Windows 服务器通信。

嗯,我现在的问题是,当我尝试通过浏览器登录 svn 服务器时,无论我输入什么,都会出现内部错误(500)。

错误信息是:

[Thu May 12 13:27:36.786664 2016] [authz_core:debug] [pid 10377] mod_authz_core.c(809): [client 1.1.1.1:50409] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Thu May 12 13:27:36.786695 2016] [authz_core:debug] [pid 10377] mod_authz_core.c(809): [client 1.1.1.1:50409] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Thu May 12 13:27:36.786732 2016] [authnz_ldap:debug] [pid 10377] mod_authnz_ldap.c(501): [client 1.1.1.1:50409] AH01691: auth_ldap authenticate: using URL ldap://a-d01:389/,dc=a,dc=domain,dc=com?sAMAccountName?sub?(ObjectClass=*)
[Thu May 12 13:27:36.787048 2016] [ldap:debug] [pid 10377] util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Thu May 12 13:27:36.874625 2016] [authnz_ldap:info] [pid 10377] [client 1.1.1.1:50409] AH01695: auth_ldap authenticate: user svnuser authentication failed; URI /repo [ldap_search_ext_s() for user failed][Invalid DN syntax]

答案1

正如错误所说,DN 语法似乎有错误:

[Thu May 12 13:27:36.874625 2016] [authnz_ldap:info] [pid 10377] [client 1.1.1.1:50409] AH01695: auth_ldap authenticate: user svnuser authentication failed; URI /repo [ldap_search_ext_s() for user failed][Invalid DN syntax]

根据错误日志,您使用了“ldap://a-d01:389/,dc=a,dc=domain,dc=com”,我猜应该改用“ldap://a-d01:389/dc=a,dc=domain,dc=com”。

[Thu May 12 13:27:36.786732 2016] [authnz_ldap:debug] [pid 10377] mod_authnz_ldap.c(501): [client 1.1.1.1:50409] AH01691: auth_ldap authenticate: using URL ldap://a-d01:389/,dc=a,dc=domain,dc=com?sAMAccountName?sub?(ObjectClass=*)
[Thu May 12 13:27:36.787048 2016] [ldap:debug] [pid 10377] util_ldap.c(372): AH01278: LDAP: Setting referrals to On.

相关内容