Score:0

Apache 2.4 LDAP "password mismatch" but password is correct

in flag
tux

I run apache2.4 on debian and LDAP-Auth tells me "password mismatch" but I am very sure I use correct passwords (tested multiple users).

I also asked chat-gpt and it told me maybe my password get hashed differently on server/client but I don't know how to check that.

this is part of my /etc/apache2/apache2.conf

<Directory /var/www/html/ldaptest/>
    AllowOverride All
    SSLRequireSSL
    AuthType Basic
    AuthName "Restricted Area"
    AuthBasicAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://my-domain.de:10636/dc=my-domain,dc=de?uid?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=binduser,DC=my-domain,DC=de"
    AuthLDAPBindPassword "somepass"
    Require valid-user

</Directory>

Do you have any ideas what is wrong?

U880D avatar
ca flag
Are you authenticating against an MS AD DC? Does the bind user contains whitespaces or special characters?
tux avatar
in flag
tux
no, it is no MS AD, it is slapd on debian. the bind user has a "-" in its name. But a simple ldapsearch from my webserver does work, i can look up any user with that. I think the problem is somewhere with my apache config.
Score:0
in flag
tux

The wrong part is here:

AuthLDAPBindDN "CN=binduser,DC=my-domain,DC=de"

In my case it must be "cn=binduser,dc=ldap-users,dc=my-domain,dc=de"

Brief: Double check structure.

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.