LDAP Authentication on Apache denies valid credentials

apache-2.4 ldap svn

I'm trying to link my LDAP with an Apache 2.4 server dedicated to my SVN repositories, so I use the Apache mods dav_svn and authnz_ldap. The LDAP works properly on its own.

I managed to bind the server with an admin DN and search for the user I need.

When connecting, if the user doesn't exist, it is a [No such object] error (yay!). However, if the user exists, the LDAP always returns an [Invalid credentials] error, even if the password is correct.

Here is the end of the Apache error.log:

[authnz_ldap:debug] [pid 9243:tid 2990508864] mod_authnz_ldap.c(516): [client ::1:46639] AH01691:
auth_ldap authenticate: using URL ldap://my_ldap_ip:port/ou=aaaa,dc=company,dc=fr?uid?sub

[ldap:debug] [pid 9243:tid 2990508864] util_ldap.c(379): AH01278: 
LDAP: Setting referrals to On.

[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46639] AH01695:
auth_ldap authenticate: user mr.myself authentication failed; URI /svn/ [ldap_simple_bind() to check user credentials failed][Invalid credentials]

[auth_basic:error] [pid 9243:tid 2990508864] [client ::1:46639] AH01617:
user mr.myself: authentication failure for "/svn/": Password Mismatch

And here is my config file:

<VirtualHost domain:443>
    ServerName domain
    SSLEngine On
    SSLCertificateFile /path/to/ssl/cert.pem
    SSLCertificateKeyFile /path/to/ssl/key.pem
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM

    <Location /svn>
        DAV                 svn
        SVNParentPath       /path/to/svn/repositories
        SVNListParentPath   ON

        AuthType            Basic
        AuthName            "a nice message"

        AuthBasicProvider   ldap
        AuthLDAPURL         ldap://my_ldap_ip:port/ou=aaaa,dc=company,dc=fr?uid?sub
        AuthLDAPBindDN      cn=mr-admin,ou=cccc,ou=bbbb,dc=company,dc=fr
        AuthLDAPBindPassword clear_password

        <RequireAll>
            Require         valid-user
            Require         ssl
            Require         ldap-group cn=svngroup,ou=ffff,ou=eeee,ou=dddd,dc=company,dc=fr
        </RequireAll>
    </Location>
</VirtualHost>

The only config I added to Apache besides this file is "Listen 443" in ports.conf.

Do you have any idea what the problem is? I've been searching for a while now, and I need this working soon.

Thanks for reading (and sorry for the bad English).

Edit: additional details

  • This is my whole code

  • I only changed the domain, paths, DN names, and bindDN password for clarity.

  • I have the same result when changing uid into cn.

  • Here are the ldapsearch results:

ldapsearch -x -H ldap://my_ldap_ip:port/ -D cn=mr.myself,ou=gggg,ou=aaaa,dc=company,dc=fr -w 'p4(sSwo]rd' -v 
ldap_initialize( ldap://my_ldap_ip:port/??base ) 
ldap_bind: Invalid credentials (49) 

ldapsearch -x -H ldap://my_ldap_ip:port/ -D cn=mr.myself,ou=gggg,ou=aaaa,dc=company,dc=fr -w p4(sSwo]rd -v 
bash: syntax error near unexpected token "("

Best Answer

Thanks for the help.

This is a valid configuration; the problem was located in our LDAP. I had my password reset and everything works fine.
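
The two bracketed fields at the end of the AH01695 line in the question already say which step failed: the lookup of the entry or the bind as that entry. The following is an added example, not part of the original question or answer, that extracts those fields from an error.log; the names `triage` and `stage` are hypothetical, the sample log is constructed from the lines quoted in the question, and the reason text of the second failure line is an assumption.

```python
import re

# AH01695 line format as it appears in the question's error.log.
FAIL = re.compile(
    r"\[client (?P<client>\S+)\] AH01695:\s*auth_ldap authenticate: "
    r"user (?P<user>\S+) authentication failed; URI (?P<uri>\S+) "
    r"\[(?P<reason>[^\]]*)\]\[(?P<ldap_error>[^\]]*)\]"
)
# AH01691 line: the AuthLDAPURL in effect (base?attribute?scope).
URL = re.compile(
    r"AH01691:\s*auth_ldap authenticate: using URL (?P<server>ldaps?://[^/\s]+)"
    r"/(?P<base>[^?\s]*)\?(?P<attr>[^?\s]*)\?(?P<scope>[^?\s]*)"
)

def stage(reason, ldap_error):
    """Map the two bracketed fields to the step that failed."""
    if ldap_error == "Invalid credentials" and "check user credentials" in reason:
        # The entry was found; the directory rejected the bind as that entry.
        return "user-bind"
    if ldap_error == "No such object":
        # Nothing matched under the base DN (or the base itself is wrong).
        return "search"
    return "other"

def triage(log_text):
    """Return one dict per AH01695 failure, with the search settings in effect."""
    m = URL.search(log_text)
    settings = m.groupdict() if m else {}
    out = []
    for f in FAIL.finditer(log_text):
        rec = f.groupdict()
        rec["stage"] = stage(rec["reason"], rec["ldap_error"])
        rec.update(settings)
        out.append(rec)
    return out

# Constructed sample: the first two lines mirror the question's log; the third
# is a made-up unknown-user failure (its reason text is an assumption).
SAMPLE = """\
[authnz_ldap:debug] [pid 9243:tid 2990508864] mod_authnz_ldap.c(516): [client ::1:46639] AH01691: auth_ldap authenticate: using URL ldap://my_ldap_ip:port/ou=aaaa,dc=company,dc=fr?uid?sub
[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46639] AH01695: auth_ldap authenticate: user mr.myself authentication failed; URI /svn/ [ldap_simple_bind() to check user credentials failed][Invalid credentials]
[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46640] AH01695: auth_ldap authenticate: user nobody authentication failed; URI /svn/ [User not found][No such object]
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['user']:<10} {r['stage']:<9} {r['ldap_error']} (attr={r.get('attr')})")
```

A "user-bind" result together with the same error 49 from a direct ldapsearch bind as that DN, as in the question's edit, points at the directory entry rather than at the Apache configuration.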