LDAP authentication used with Apache failed

cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

LDAP authentication used with Apache failed

Postby cejka » Fri Sep 30, 2011 12:15 am

I tried to use the built-in DSM 3.2 LDAP server to authenticate users with Apache.

I've made a special conf file, ldaptest.conf, for it; here is its listing:

Code:

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "/ldaptest">
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://localhost:389/cn=users,dc=domain,dc=com??sub?(objectClass=*)" NONE
    AuthLDAPBindDN "uid=root,cn=users,dc=domain,dc=com"
    AuthLDAPBindPassword SECRETPASSWORD
    AuthType Basic
    AuthName "Restricted area"
    Require valid-user
</Directory>


And I included that file in /usr/syno/apache/conf/httpd.conf-user

Code:

Include conf/extra/ldaptest.conf


If I try to access http://NASaddress/ldaptest, the server asks for credentials. When I fill in valid credentials I get Internal Server Error 500 or Not Found 404. In the Apache error.log is the following error message:

Code:

[Thu Sep 29 23:29:54 2011] [info] [client XXX.XXX.X.XXX] [13309] auth_ldap authenticate: user USER authentication failed; URI /ldaptest [LDAP: ldap initialization failed][Unknown (private extension) error]


I found that the competing QNAP NAS has a similar error: http://forum.qnap.com/viewtopic.php?p=219985 but with no solution.


I have no idea what kind of error it is and how it can be eliminated. Can anybody help?
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Sat Oct 01, 2011 12:43 am

I solved it.
tuxtlequino
Novice
Posts: 44
Joined: Sat Jul 23, 2011 4:26 am

Re: LDAP authentication used with Apache failed

Postby tuxtlequino » Sat Oct 01, 2011 8:16 am

What did you do?
skoffy
I'm New!
Posts: 1
Joined: Wed Oct 05, 2011 11:21 am

Re: LDAP authentication used with Apache failed

Postby skoffy » Wed Oct 05, 2011 11:26 am

Same problem. How did you solve it, cejka?
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Thu Oct 06, 2011 10:49 am

Hi buddies,

First of all, the purpose for which I want LDAP working is that I'm trying to set up the following chain: Apache + SSL + LDAP + Subversion + WebDAV + WebSVN.

Info
The following advice enables you to ask for credentials and pass any valid user stored in your LDAP directory. It works without SSL.

Prerequisites
  • I have my DSM updated to version 3.2
  • I have bootstrapped DS-209+ on which I tested it.
  • I have installed the LDAP directory package from Synology. I have some user, e.g. ldaptester, in it.
  • I have enabled Webstation, so I tested it on the Apache originally supplied with DSM 3.2 (apache 2.2.17).
  • Also I've installed apr-util via IPKG.

Take a look at the things which need to be done.

  • Check that the /usr/syno/apache/modules dir contains a file named mod_ldap.so. It needs to be there!
  • Edit the file named /usr/syno/apache/conf/httpd.conf-user (NEVER EVER touch the file named httpd.conf-sys !!!) to include your custom LDAP-enabled configuration file in the "Supplemental configuration" section like this:

    Code:

    #LDAP test configuration
    Include conf/extra/ldaptest.conf

  • Create a new configuration file in /usr/syno/apache/conf/extra and name it ldaptest.conf
  • Add the following configuration lines to it:

    Code:

    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

    <Location "/ldaptest">
    Order deny,allow
    Deny from all
    AuthName "LDAP TEST"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    AuthLDAPURL "ldap://localhost:389/dc=DOMAIN,dc=TLD?uid?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "uid=LDAPUSER,cn=users,dc=DOMAIN,dc=TLD"
    AuthLDAPBindPassword "LDAPUSER_PASSWORD"

    Require valid-user
    Satisfy any
    </Location>


    The capitalised words DOMAIN, TLD, LDAPUSER and LDAPUSER_PASSWORD need to be edited by you according to what you set in your LDAP directory at DSM.
  • Create a new directory at /volume1/web and name it ldaptest. Put some index.html file into it with text like "LDAP Works!" or so.
  • The last and most important thing you have to do, and the cause of the error I mentioned above, is that you have to copy 3 files from /opt/lib/apr-util-1 to /usr/syno/apache/lib/apr-util-1. These files are:

    Code:

    apr-ldap-1.so
    apr-ldap.la
    apr_ldap.so

How to test it
Open your browser and point it to http://YOUR_NAS_ADDRESS/ldaptest. The browser asks for credentials, and if you enter a valid combination of username and password of a user stored in your LDAP, it should now work.


Hope this helps.

But I ran into another issue with the supplied Apache and SVN over WebDAV. So I'm going to test it on the IPKG-installed Apache. Synology DS is a never-ending story. :)
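
The checks from the post above, collected into one script as an added example; it is not part of the original post or of Synology's tooling. The default paths are the ones the post names, check_ldap_setup is a hypothetical helper name, and the world-readable test on the file holding AuthLDAPBindPassword is an extra check assumed here.

```shell
#!/bin/sh
# Added example: pre-flight check for the Apache + LDAP setup described above.

# Files that must exist under the Apache root: the two modules loaded by
# ldaptest.conf and the three apr-util LDAP files copied from /opt/lib.
LDAP_FILES="modules/mod_ldap.so
modules/mod_authnz_ldap.so
lib/apr-util-1/apr-ldap-1.so
lib/apr-util-1/apr-ldap.la
lib/apr-util-1/apr_ldap.so"

# check_ldap_setup [ROOT] [CONF]  (hypothetical helper name)
# Prints one line per finding and returns the number of findings (0 = OK).
check_ldap_setup() {
    root=${1:-/usr/syno/apache}
    conf=${2:-$root/conf/extra/ldaptest.conf}
    problems=0

    for rel in $LDAP_FILES; do
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING    $root/$rel"
            problems=$((problems + 1))
        fi
    done

    # httpd.conf-user must pull in the LDAP configuration file.
    if ! grep -q "^[[:space:]]*Include.*$(basename "$conf")" \
            "$root/conf/httpd.conf-user" 2>/dev/null; then
        echo "NO INCLUDE $root/conf/httpd.conf-user does not include $conf"
        problems=$((problems + 1))
    fi

    if [ ! -f "$conf" ]; then
        echo "MISSING    $conf"
        problems=$((problems + 1))
    elif grep -q '^[[:space:]]*AuthLDAPBindPassword' "$conf" &&
         [ -n "$(find "$conf" -perm -004 -print)" ]; then
        # Assumption added here: the clear-text bind password should not
        # sit in a file that every local account can read.
        echo "EXPOSED    $conf is world-readable and holds AuthLDAPBindPassword"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Source the script on the NAS and run check_ldap_setup with no arguments; MISSING lines for the apr-util files point at the cause of the "ldap initialization failed" error named in the post.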
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Thu Oct 06, 2011 9:23 pm

I can finally confirm a successful start of the IPKG Apache with LDAP and SSL enabled. And so I can confirm that IPKG Apache + LDAP works with a similar configuration to the one I mentioned above. If you have a problem running IPKG Apache, continue here: http://forum.synology.com/enu/viewtopic.php?f=34&t=23125 where I solved the IPKG Apache start.

Cheers.
tuxtlequino
Novice
Posts: 44
Joined: Sat Jul 23, 2011 4:26 am

Re: LDAP authentication used with Apache failed

Postby tuxtlequino » Sun Oct 09, 2011 3:39 pm

Thank you, thank you very much!!
Jco
I'm New!
Posts: 1
Joined: Wed Jun 06, 2012 11:04 am

Re: LDAP authentication used with Apache failed

Postby Jco » Wed Jun 06, 2012 11:09 am

Hi,

Thanks for these very useful instructions. I managed to get it working.

One question: if I access the Syno from WAN, will the password transit in clear? Is that an issue at all (since the server is "localhost")?

I tried to configure it with "ldaps" instead of "ldap" in the /usr/syno/apache/conf/extra/ldap.conf, but then I get a "404 not found" error when trying to connect.

Any leads?
Hilfesuchender
I'm New!
Posts: 2
Joined: Sun Nov 10, 2013 6:51 pm

Re: LDAP authentication used with Apache failed

Postby Hilfesuchender » Mon Dec 21, 2015 3:40 pm

Unfortunately, this doesn't seem to work anymore with DSM 5.
I did everything as described (copied the files to the new folder - /lib/apr-util-1). Still, I'm getting the error message "[LDAP: ldap initialization failed][Unknown (private extension) error]".

Any hints on this?

Regards,
Andrew
