Apache 2.2 LDAP Authentication Error 500 – AuthLDAPURL


Problems with loading a website are often blamed on the Internet connection, but even a perfectly set up network cannot help if no service replies at the destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but it is nevertheless possible to run into problems with even the easiest software. If you’ve encountered an issue loading your web page, follow the troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips for managing your Apache2 server when you run into a problem involving apache-2.2, active-directory, ldap, directory, rhel6.

I have an Apache server on RHEL 6 that uses our Active Directory for authentication, and when we added a new “LocationMatch”

AuthLDAPURL ldap://ad.company.com/DC=ad,DC=company,DC=com?samaccountname?sub?(memberOf=CN=RnD,CN=Users,DC=domain,DC=com)

and on this location we get error 500

On other location matches:

AuthLDAPURL ldap://ad.company.com:389/OU=MA,DC=ad,DC=company,DC=com?samaccountname

it works flawlessly.

I am having the exact same problem today: without an “ou=”, AuthLDAPURL will return a 500 error.

Finally found a URL: http://clabs.org/blog/RawStuff

It mentioned: “

If you need to authenticate against different OUs, then there are two options. Ideally, simply changing the ldap url to work from the root should work:

AuthLDAPURL "ldap://eiadserver1.einstruction.com:389/DC=einstruction,DC=com?sAMAccountName?sub?(objectClass=user)"

However, against Active Directory this doesn’t seem to work, because in addition to the search results, it will also return referrals to other directory partitions, and Apache can’t grok these or somesuch. A bug has been filed for this, and the report includes a patch.

But, if your Active Directory has a Global Directory configured, typically on port 3268, then you might be able to get the query you need to work:

AuthLDAPURL "ldap://eiadserver1.einstruction.com:3268/DC=einstruction,DC=com?sAMAccountName?sub?(objectClass=user)"

”

I checked our AD server and it’s listening on port 3268, so I changed it, and it did fix the problem.
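A small lint for the pattern discussed in this thread, added here as an example (it is not from the original posts or from Apache): it parses an AuthLDAPURL value and flags a subtree search rooted at the domain (DC= components only) on port 389, the case the quoted blog says draws referrals from Active Directory. The function names are hypothetical; the attribute, scope and filter defaults are the ones documented for mod_authnz_ldap.

```python
import re
from urllib.parse import unquote

# Ports named on the page: 389 (standard LDAP) and 3268 (Global Catalog).
LDAP_PORT, GC_PORT = 389, 3268

URL_RE = re.compile(
    r'^(?P<scheme>ldaps?)://(?P<host>[^/:?\s]+)(?::(?P<port>\d+))?/(?P<rest>.*)$',
    re.IGNORECASE)


def parse_authldapurl(value):
    """Split an AuthLDAPURL value into host, port, base DN, attribute, scope, filter."""
    value = value.strip().strip('"')
    m = URL_RE.match(value)
    if not m:
        raise ValueError("not an ldap:// URL: %r" % value)
    # Layout is basedn?attribute?scope?filter; the trailing parts are optional.
    parts = (m.group("rest").split("?", 3) + ["", "", ""])[:4]
    basedn, attr, scope, flt = (unquote(p) for p in parts)
    default_port = 636 if m.group("scheme").lower() == "ldaps" else LDAP_PORT
    return {
        "host": m.group("host"),
        "port": int(m.group("port") or default_port),
        "basedn": basedn,
        "attribute": attr or "uid",          # mod_authnz_ldap default
        "scope": (scope or "sub").lower(),   # mod_authnz_ldap default
        "filter": flt or "(objectClass=*)",  # mod_authnz_ldap default
    }


def referral_risk(value):
    """True for the failing pattern described above: a subtree search whose
    base DN is the domain root (DC= components only) on port 389."""
    u = parse_authldapurl(value)
    # Naive split on ',' is enough here: DC= values do not contain escaped commas.
    rdns = [r.strip().upper() for r in u["basedn"].split(",") if r.strip()]
    root_only = bool(rdns) and all(r.startswith("DC=") for r in rdns)
    return root_only and u["scope"] == "sub" and u["port"] == LDAP_PORT


if __name__ == "__main__":
    # URLs copied from the posts above.
    for url in (
        "ldap://ad.company.com/DC=ad,DC=company,DC=com?samaccountname?sub?(memberOf=CN=RnD,CN=Users,DC=domain,DC=com)",
        "ldap://ad.company.com:389/OU=MA,DC=ad,DC=company,DC=com?samaccountname",
        '"ldap://eiadserver1.einstruction.com:3268/DC=einstruction,DC=com?sAMAccountName?sub?(objectClass=user)"',
    ):
        verdict = "referral-prone, consider port %d" % GC_PORT if referral_risk(url) else "ok"
        print(verdict, "<-", url)
```

Run over an httpd configuration, this separates the failing LocationMatch (domain-root base on the default port) from the working ones (OU-scoped base, or port 3268).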
