Sunday, February 11, 2018

apache 2.2 - Active Directory problems while trying to perform compare operation

I have CentOS 5.5 with Apache 2.2 and SVN installed. Also I have Windows 2003 R2 with Active Directory.
I'm trying to authorize users via AD so each user has access to the repo if he is a member of the corresponding group in AD.
Here is my apache config:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LDAPVerifyServerCert off
ServerName svn.mydomain.com
DocumentRoot /var/www/svn.mydomain.com/htdocs

RewriteEngine On
<Location />
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN binduser@mydomain.com
    AuthLDAPBindPassword binduserpassword
</Location>
<Location /repos/test>
    DAV svn
    SVNPath /var/svn/repos/test
    AuthName "SVN repository for test"
    Require ldap-group CN=test,CN=ProjectGroups,DC=mydomain,DC=com
</Location>


When I'm using "Require valid-user" everything goes fine, and "Require ldap-user" also works.
But as soon as I use "Require ldap-group", authorization fails.
There are no errors in the apache logs, but Active Directory shows the following error:

Event Type: Information
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 1138
Date: 10/9/2010
Time: 1:28:52 PM
User: MYDOMAIN\binduser
Computer: COMP1
Description:
Internal event: Function ldap_compare entered.


Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1481
Date: 10/9/2010
Time: 1:28:52 PM
User: MYDOMAIN\binduser
Computer: COMP1
Description:

Internal error: The operation on the object failed.

Additional Data
Error value:
2 0000208D: NameErr: DSID-031001CD, problem 2001
(NO_OBJECT), data 0, best match of:
'DC=mydomain,DC=com'


I'm confused by this problem. What am I doing wrong?
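The configuration below is an added example, not part of the original post and not a reply from its author. It shows what "Require ldap-group" actually does in Apache 2.2 (mod_authnz_ldap first searches for the user with the AuthLDAPURL filter to obtain the user's DN, then sends an LDAP compare of the group's member attribute against that DN to the group DN written in the Require line), why the NO_OBJECT event in the question points at a DN that does not exist, and how to stop trusting an unverified LDAPS certificate, since "LDAPVerifyServerCert off" lets anyone who answers on port 636 collect the bind password. Two things in it are assumptions: that ProjectGroups is an organizational unit (OU=) rather than a container (CN=), which is the usual reason a compare against CN=...,CN=ProjectGroups,... hits no object, and the CA certificate path /etc/httpd/conf/ad-ca.crt.

```apache
# Added example (not the original poster's config). Assumptions: ProjectGroups
# is an OU, and the domain controller's issuing CA is in /etc/httpd/conf/ad-ca.crt.

# mod_ldap: pin the CA for comp1 and verify the certificate. These two directives
# are server-scope only (outside any VirtualHost). With VerifyServerCert off the
# bind DN and password are sent to whatever presents a certificate on 636.
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf/ad-ca.crt
LDAPVerifyServerCert on

<Location />
    AuthType Basic
    AuthBasicProvider ldap
    # Do not fall through to another authz provider if the LDAP decision is "no".
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN binduser@mydomain.com
    AuthLDAPBindPassword binduserpassword

    # How ldap-group is evaluated: Apache issues
    #   ldap_compare(<group DN from Require>, member, <user DN from the search above>)
    # AD stores direct members in "member" as full DNs, so the group attribute
    # must be "member" and the compared value must be a DN. Both are the 2.2
    # defaults; they are written out here so the mechanism is visible.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
</Location>

<Location /repos/test>
    DAV svn
    SVNPath /var/svn/repos/test
    AuthName "SVN repository for test"
    # The compare goes to exactly this DN. If no object exists there, AD answers
    # NO_OBJECT (the 0000208D event in the question, "best match DC=mydomain,DC=com")
    # and Apache treats the user as not a member. The value must equal the group's
    # distinguishedName attribute; the RDN type (OU= vs CN=) is part of that.
    Require ldap-group CN=test,OU=ProjectGroups,DC=mydomain,DC=com
</Location>
```

Before editing the Require line, read the group's real DN and its members from the CentOS box with the same bind account Apache uses: `ldapsearch -x -H ldaps://comp1.mydomain.com:636 -D binduser@mydomain.com -W -b DC=mydomain,DC=com "(&(objectClass=group)(sAMAccountName=test))" dn member`. The dn it prints is the only value that will satisfy the compare, and the user's own DN must appear among the member values: mod_authnz_ldap in 2.2 checks direct membership only, so a user who is in "test" through a nested group is refused (sub-group search arrived with AuthLDAPMaxSubGroupDepth in 2.4). If ldapsearch itself fails the TLS handshake once verification is turned on, the CA file is wrong, not the group DN.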
