LDAP authentication used with Apache failed

cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

LDAP authentication used with Apache failed

Postby cejka » Fri Sep 30, 2011 12:15 am

I tried to use the built-in DSM 3.2 LDAP server to authenticate users with Apache.

I've made a special conf file, ldaptest.conf, for it; here is its listing:

Code:

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "/ldaptest">
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://localhost:389/cn=users,dc=domain,dc=com??sub?(objectClass=*)" NONE
    AuthLDAPBindDN "uid=root,cn=users,dc=domain,dc=com"
    AuthLDAPBindPassword SECRETPASSWORD
    AuthType Basic
    AuthName "Restricted area"
    Require valid-user
</Directory>


And I included that file in /usr/syno/apache/conf/httpd.conf-user:

Code:

Include conf/extra/ldaptest.conf


If I try to access http://NASaddress/ldaptest, the server asks for credentials. When I enter valid credentials, I get Internal Server Error 500 or Not Found 404. The Apache error.log contains the following error message:

Code:

[Thu Sep 29 23:29:54 2011] [info] [client XXX.XXX.X.XXX] [13309] auth_ldap authenticate: user USER authentication failed; URI /ldaptest [LDAP: ldap initialization failed][Unknown (private extension) error]


I found that the competing QNAP NAS has a similar error: http://forum.qnap.com/viewtopic.php?p=219985 but with no solution.


I have no idea what kind of error it is and how it can be eliminated. Can anybody help?
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Sat Oct 01, 2011 12:43 am

I solved it.
tuxtlequino
Novice
Posts: 44
Joined: Sat Jul 23, 2011 4:26 am

Re: LDAP authentication used with Apache failed

Postby tuxtlequino » Sat Oct 01, 2011 8:16 am

What did you do?
skoffy
I'm New!
Posts: 1
Joined: Wed Oct 05, 2011 11:21 am

Re: LDAP authentication used with Apache failed

Postby skoffy » Wed Oct 05, 2011 11:26 am

Same problem. How have you solved it, Cejka?
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Thu Oct 06, 2011 10:49 am

Hi buddies,

First of all, the reason I want LDAP working is that I'm trying to set up the following chain: Apache + SSL + LDAP + Subversion + WebDAV + WebSVN.

Info
The following advice enables you to ask for credentials and pass any valid user stored in your LDAP directory. It works without SSL.

Prerequisites
  • I have my DSM updated to version 3.2.
  • I have a bootstrapped DS-209+ on which I tested it.
  • I have installed the LDAP directory package from Synology. I have a user in it, e.g. ldaptester.
  • I have enabled Webstation, so I tested it on the Apache originally supplied with DSM 3.2 (Apache 2.2.17).
  • Also I've installed apr-util via IPKG.

Take a look at the things which need to be done.

  • Check that the /usr/syno/apache/modules dir contains a file named mod_ldap.so. It needs to be there!
  • Edit the file named /usr/syno/apache/conf/httpd.conf-user (NEVER EVER touch the file named httpd.conf-sys !!!) to include your custom LDAP-enabled configuration file in the "Supplemental configuration" section like this:

    Code:

    #LDAP test configuration
    Include conf/extra/ldaptest.conf

  • Create a new configuration file in /usr/syno/apache/conf/extra and name it ldaptest.conf
  • Add the following configuration lines to it:

    Code:

    LoadModule ldap_module modules/mod_ldap.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

    <Location "/ldaptest">
    Order deny,allow
    Deny from all
    AuthName "LDAP TEST"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    AuthLDAPURL "ldap://localhost:389/dc=DOMAIN,dc=TLD?uid?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "uid=LDAPUSER,cn=users,dc=DOMAIN,dc=TLD"
    AuthLDAPBindPassword "LDAPUSER_PASSWORD"

    Require valid-user
    Satisfy any
    </Location>


    The capitalised words DOMAIN, TLD, LDAPUSER and LDAPUSER_PASSWORD need to be edited by you according to what you set in your LDAP directory in DSM.
  • Create a new directory in /volume1/web and name it ldaptest. Put an index.html file in it with text like "LDAP Works!" or so.
  • The last and most important thing you have to do, and which is the cause of the error I mentioned above, is to copy 3 files from /opt/lib/apr-util-1 to /usr/syno/apache/lib/apr-util-1. These files are:

    Code:

    apr-ldap-1.so
    apr-ldap.la
    apr_ldap.so

How to test it
Open your browser and point it to http://YOUR_NAS_ADDRESS/ldaptest. The browser asks for credentials, and if you enter a valid combination of username and password of a user stored in your LDAP, it should now work.


Hope this helps.

But I ran into another issue with the supplied Apache and SVN over WebDAV. So I'm going to test it on the IPKG-installed Apache. Synology DS is a never-ending story. :)
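
Added example, not part of cejka's post or of any Synology tooling: a shell preflight for the steps listed above (both LDAP modules, the three apr-util LDAP files, the Include line), which also flags two credential exposures in this setup, a world-readable ldaptest.conf holding the bind password and Basic auth served without TLS. The function name and finding labels are made up for the example; SSLRequireSSL is mod_ssl's directive and is not used anywhere in the thread; the paths are the ones from the post.

```shell
#!/bin/sh
# Added example: preflight check for the LDAP setup described in the post.
# Usage: check_ldap_setup [APACHE_ROOT]   (default: /usr/syno/apache)
# Prints one line per finding and returns the number of findings (0 = clean).

check_ldap_setup() {
    root="${1:-/usr/syno/apache}"
    conf="$root/conf/extra/ldaptest.conf"
    findings=0

    # Both modules named by LoadModule, plus the three apr-util LDAP files
    # whose absence produced "ldap initialization failed" in the thread.
    for f in modules/mod_ldap.so modules/mod_authnz_ldap.so \
             lib/apr-util-1/apr-ldap-1.so lib/apr-util-1/apr-ldap.la \
             lib/apr-util-1/apr_ldap.so; do
        if [ ! -e "$root/$f" ]; then
            echo "MISSING   $root/$f"
            findings=$((findings + 1))
        fi
    done

    # ldaptest.conf must be pulled in by an uncommented Include line.
    if ! grep -Eqi '^[[:space:]]*Include[[:space:]]+conf/extra/ldaptest\.conf' \
            "$root/conf/httpd.conf-user" 2>/dev/null; then
        echo "NOINCLUDE $root/conf/httpd.conf-user does not include ldaptest.conf"
        findings=$((findings + 1))
    fi

    if [ -f "$conf" ]; then
        # The bind password is stored in this file in cleartext, so the file
        # should not be readable by "other" accounts on the NAS.
        if grep -qi 'AuthLDAPBindPassword' "$conf" &&
           [ -n "$(find "$conf" -perm -004)" ]; then
            echo "PERMS     $conf holds the bind password and is world-readable"
            findings=$((findings + 1))
        fi
        # Basic auth only base64-encodes the user's password; without
        # SSLRequireSSL the location can be reached over plain HTTP.
        if grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' "$conf" &&
           ! grep -Eqi '^[[:space:]]*SSLRequireSSL' "$conf"; then
            echo "CLEARTEXT $conf allows Basic auth without SSLRequireSSL"
            findings=$((findings + 1))
        fi
    else
        echo "MISSING   $conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Apache parses its configuration as root before dropping privileges, so tightening ldaptest.conf to mode 600 owned by root does not stop it from loading.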
cejka
Beginner
Posts: 26
Joined: Fri Nov 26, 2010 1:26 pm

Re: LDAP authentication used with Apache failed

Postby cejka » Thu Oct 06, 2011 9:23 pm

I can finally confirm a successful start of the IPKG Apache with LDAP and SSL enabled. And so I can confirm that IPKG Apache + LDAP works with a similar configuration to the one I mentioned above. If you have a problem running IPKG Apache, continue here: http://forum.synology.com/enu/viewtopic.php?f=34&t=23125 where I solved the IPKG Apache start.

Cheers.
tuxtlequino
Novice
Posts: 44
Joined: Sat Jul 23, 2011 4:26 am

Re: LDAP authentication used with Apache failed

Postby tuxtlequino » Sun Oct 09, 2011 3:39 pm

Thank you, thank you very much!!
Jco
I'm New!
Posts: 1
Joined: Wed Jun 06, 2012 11:04 am

Re: LDAP authentication used with Apache failed

Postby Jco » Wed Jun 06, 2012 11:09 am

Hi,

Thanks for these very useful instructions. I managed to get it working.

One question: if I access the syno from WAN, will the password transit in clear? Is that an issue at all (since the server is "localhost")?

I tried to configure it with "ldaps" instead of "ldap" in the /usr/syno/apache/conf/extra/ldap.conf, but then I get a "404 not found" error when trying to connect.

Any leads?
Hilfesuchender
I'm New!
Posts: 2
Joined: Sun Nov 10, 2013 6:51 pm

Re: LDAP authentication used with Apache failed

Postby Hilfesuchender » Mon Dec 21, 2015 3:40 pm

Unfortunately, this doesn't seem to work anymore with DSM 5.
I did all as described (copy the files to the new folder - /lib/apr-util-1). Still, I'm getting the error message "[LDAP: ldap initialization failed][Unknown (private extension) error]".

Any hints on this?

Regards,
Andrew
