cyphz0r n00b
Joined: 29 Oct 2003 Posts: 12
Posted: Thu Sep 01, 2005 2:43 pm Post subject: Apache/2.0.52 + mod_auth_ldap/3.3 + Win2k3 AD multiple OU's
I've got authentication working and I can log in via my account in my OU, but other people from different OUs can't.
Our AD structure is like the following:
DOMAIN
--COMPANYA
-----USERS
-----GROUPS
--COMPANYB
-----USERS
-----GROUPS
--COMPANYC
-----USERS
-----GROUPS
(and so on)
I have a group in, say, companyb that has a member from companya. When that member tries to log in, Apache reports:
auth_ldap authenticate: user <user> authentication failed; URI /nagios [User not found][No such object]
My .htaccess file:
Code:
```
AuthLDAPEnabled On
AuthType Basic
AuthName "Active Directory Authentication"
#AuthLDAPURL ldap://<adserver>:389/DC=xx,DC=xx,DC=xx?sAMAccountName?sub?(objectclass=*)
AuthLDAPURL ldap://<adserver>:389/DC=xx,DC=xx,DC=xx?cn
AuthLDAPBindDN aduser@xx.xx.xx
AuthLDAPBindPassword xxxxxxxxxx
#require group CN=CTITNagios,OU=GROUPS,OU=CURRENT,DC=xx,DC=xx,DC=xx
require valid-user
```
I need to be able to control the group in one OU but have members from other companies have access to the system if they are members. Any ideas?