[Answered] lighttpd auth against ActiveDirectory

Added by starfoxx over 8 years ago

Hello,

Some info:
- System: Debian (jessie) 8.0
- lighttpd: 1.4.35
- Features includes: + LDAP support
- AD System: Windows Server 2003
- AD Security Group: www (cn=www,cn=Users,dc=example,dc=com)
- AD User: quasimodo with group-membership in www

configuration 05-auth.conf

auth.debug                              = 2

server.modules                          += ( "mod_auth" )
auth.backend                            = "ldap" 
auth.backend.ldap.hostname              = "192.168.100.12" 
auth.backend.ldap.base-dn               = "DC=example,DC=com" 
auth.backend.ldap.filter                = "(&(sAMAccountName=$)(memberOf=CN=www,CN=Users,DC=example,DC=com))" 
auth.backend.ldap.allow-empty-pw        = "disable" 

auth.backend.ldap.bind-dn               = "lighttpd@example.com" 
auth.backend.ldap.bind-pw               = "xxxxxxxxxxxxxxxxxxxx" 

auth.require                 = ( "/" =>
                                (
                                  "method"  => "basic",
                                  "realm"   => "Zugriff auf Loganalyzer",
                                  "require" => "valid-user" 
                                )
                              )

When I open the page and type the credentials (quasimodo / verySecurePassword), I get this in the error log:

2015-10-27 09:00:00: (http_auth.c.770) ldap: Operations error filter: (&(sAMAccountName=quasimodo)(memberOf=CN=www,CN=Users,DC=example,DC=com)) 
2015-10-27 09:00:00: (http_auth.c.887) password doesn't match for / username: quasimodo, IP: 192.168.100.2

The password is right ;-)
The user (quasimodo) is in the tree (OU=Systembetreuer,OU=Projekt,DC=example,DC=local)
I searched Google / docs / wikis but I didn't find help to fix this problem.
Thanks a lot for your help.

greetz
Marc


Replies (1)

RE: [Answered] lighttpd auth against ActiveDirectory - Added by gstrauss almost 7 years ago

See Docs_ModAuth. Please try a simpler (and, yes, less efficient) filter for auth.backend.ldap.filter and get things working before applying a more specific filter.
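
The two error-log lines quoted in the question share a timestamp and a username, so the "password doesn't match" entry can be read as the result of the failed LDAP search rather than of a wrong password. The following parser is an added example (not part of the thread and not lighttpd code) that separates the two cases when reviewing such logs; the third sample line, the function names and the correlation rule are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the two lines quoted in the question, plus one constructed
# failure (user "esmeralda") that has no LDAP error in front of it.
SAMPLE_LOG = """\
2015-10-27 09:00:00: (http_auth.c.770) ldap: Operations error filter: (&(sAMAccountName=quasimodo)(memberOf=CN=www,CN=Users,DC=example,DC=com))
2015-10-27 09:00:00: (http_auth.c.887) password doesn't match for / username: quasimodo, IP: 192.168.100.2
2015-10-27 09:05:12: (http_auth.c.887) password doesn't match for / username: esmeralda, IP: 192.168.100.7
"""

TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \(http_auth\.c\.\d+\) "
LDAP_ERR = re.compile(TS + r"ldap: (?P<err>.+?) filter: (?P<filter>.+?)\s*$")
AUTH_FAIL = re.compile(TS + r"password doesn't match for (?P<path>\S+) "
                            r"username: (?P<user>[^,]+), IP: (?P<ip>\S+)")


def classify(log_text):
    """Return one dict per failed login, tagged backend_error or auth_failure."""
    events, pending = [], None
    for line in log_text.splitlines():
        m = LDAP_ERR.match(line)
        if m:
            pending = m.groupdict()  # remember the failed search
            continue
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        ev = m.groupdict()
        # Assumption: same timestamp and the username inside the rendered filter
        # mean the rejection was caused by the failed LDAP search.
        caused = (pending is not None and pending["ts"] == ev["ts"]
                  and ev["user"] in pending["filter"])
        ev["kind"] = "backend_error" if caused else "auth_failure"
        ev["ldap_error"] = pending["err"] if caused else None
        events.append(ev)
        pending = None
    return events


def summarize(events):
    """Count failures per (client IP, kind)."""
    return Counter((e["ip"], e["kind"]) for e in events)


if __name__ == "__main__":
    for (ip, kind), n in sorted(summarize(classify(SAMPLE_LOG)).items()):
        print(f"{ip:15} {kind:14} {n}")
```

Entries tagged backend_error point at the LDAP bind, base DN or filter configuration; only auth_failure entries are worth counting per client IP when looking for password guessing.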
