
Apache 2.2 - authnz_ldap - Active Directory

The other day I had to authenticate web clients on Apache 2.2 (Debian Etch) against our corporate Active Directory (Windows 2003R2) and I constantly kept getting an error like the following:

[Wed Jun 06 19:08:56 2007] [warn] [client 10.10.1.2] [3574] auth_ldap authenticate: user foo authentication failed; URI /secret [ldap_search_ext_s() for user failed][Operations error]

Only after a couple of Google searches, a couple of network sniffs (which all seemed to go well: bind and then search both successful) and a bit of trial and error did I find out that I had to turn off referrals in /etc/ldap/ldap.conf:

REFERRALS off

For the record, this is the configuration snippet in Apache:

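<Directory /var/www/secret>
    # Basic authentication, with credentials checked against LDAP
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Ldap Test Area"
    # Search the whole domain for the login name; NONE means the LDAP connection is not encrypted
    AuthLDAPURL "ldap://pdc.domain.msft:389/DC=DOMAIN,DC=MSFT?sAMAccountName?sub?(objectClass=user)" NONE
    # Read-only account used to bind for the search
    AuthLDAPBindDN "LDAPROUser@DOMAIN"
    AuthLDAPBindPassword "foo"
    Require ldap-attribute objectClass=user
</Directory>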
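
An added example, not code from the original post: a small Python check that parses an AuthLDAPURL directive in the documented mod_authnz_ldap form (host:port/basedn?attribute?scope?filter plus a connection mode) and flags two conditions relevant to this setup: a subtree search from the domain root, where Active Directory commonly hands back referrals, while libldap is still chasing them, and a bind over plain ldap:// with mode NONE. The function names, the finding labels and the treatment of the global catalog ports 3268/3269 as not referral-prone are assumptions of this example.

```python
import re

# Constructed sample input: the directive and ldap.conf setting shown in the post.
SAMPLE_APACHE = ('AuthLDAPURL "ldap://pdc.domain.msft:389/DC=DOMAIN,DC=MSFT'
                 '?sAMAccountName?sub?(objectClass=user)" NONE\n')
SAMPLE_LDAP_CONF = "REFERRALS off\n"
DIRECTIVE = re.compile(r'\s*AuthLDAPURL\s+(?:"([^"]+)"|(\S+))(?:\s+(\S+))?', re.I)

def parse_authldapurl(line):
    """Split scheme://host:port/basedn?attribute?scope?filter [mode] into a dict."""
    m = DIRECTIVE.match(line)
    if not m:
        return None
    url, mode = m.group(1) or m.group(2), (m.group(3) or "NONE").upper()
    scheme, _, rest = url.partition("://")
    hostport, _, tail = rest.partition("/")
    base, attr, scope, filt = (tail.split("?", 3) + [""] * 3)[:4]
    host, _, port = (hostport.split() or [""])[0].partition(":")  # first host only
    scheme = scheme.lower()
    return {"scheme": scheme, "host": host, "mode": mode, "base": base,
            "port": int(port) if port else (636 if scheme == "ldaps" else 389),
            # mod_authnz_ldap defaults for fields left empty
            "attr": attr or "uid", "scope": (scope or "sub").lower(),
            "filter": filt or "(objectClass=*)"}

def referrals_enabled(ldap_conf_text):
    """libldap chases referrals by default; a REFERRALS line can switch that off."""
    enabled = True
    for line in ldap_conf_text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0].upper() == "REFERRALS":
            enabled = words[1].lower() in ("on", "true", "yes")
    return enabled

def audit(apache_text, ldap_conf_text):
    """Return findings for every AuthLDAPURL directive in apache_text."""
    findings = []
    for line in apache_text.splitlines():
        u = parse_authldapurl(line)
        if u is None:
            continue
        if u["scheme"] == "ldap" and u["mode"] == "NONE":
            findings.append("cleartext-bind")  # passwords cross the wire unencrypted
        domain_root = all(p.strip().upper().startswith("DC=") for p in u["base"].split(","))
        # Assumption: global catalog ports (3268/3269) are treated as not referral-prone.
        if (domain_root and u["scope"] == "sub" and u["port"] not in (3268, 3269)
                and referrals_enabled(ldap_conf_text)):
            findings.append("referral-chasing")
    return findings
```

Run against the post's own settings, `audit(SAMPLE_APACHE, SAMPLE_LDAP_CONF)` reports only the cleartext bind; with an empty ldap.conf it also reports the referral condition.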

Weekend and back

Spent a lovely week-end with Pietro and Patricia visiting us in Vipiteno.


Left on Sunday evening, direction Stresa and finally back home from a two-day event. Pretty tired right now.


Why I love Debian

Besides the massive amount of packages and architectures supported by Debian, I think one of my favourite capabilities of Debian with respect to many other distributions is the possibility of doing a remote upgrade without issues. Today I dist-upgraded our server from Sarge+Backports to Etch in about an hour. Just a couple of small fixes were needed, but nothing specifically tied to Debian (a change in postfix 2.3 and a couple of home-grown scripts that were still looking for python2.3). ;)

Aladdin eToken, OpenVPN and Windows

I've gotten hold of an Aladdin eToken Pro32k USB Token, and tried to configure it for an OpenVPN setup of mine. Here are the notes I gathered (for now they're Windows only, I plan to set up the Linux client as soon as I get around to it). HTH :)

Debian, unixODBC and AS/400

Here are the steps to query DB2 on AS/400 from a Debian Etch box:

  1. apt-get install unixodbc unixodbc-bin rpm

  2. Install the gratis (non-free) iSeries Access package from IBM.

  3. Follow the instructions on this link.

  4. Unpack the downloaded rpm package and copy the files under /opt:

cd /tmp; rpm2cpio iSeriesAccess-5.2.0-1.14.i386.rpm | cpio -id && cp -avf opt/* /opt/

  5. Add /opt/ibm/iSeriesAccess/lib to /etc/ld.so.conf

  6. Register the newly installed odbc driver:

srvdebian:/opt/ibm/iSeriesAccess# odbcinst -i -d -f unixodbcregistration

odbcinst: Driver installed. Usage count increased to 1.

Now you can launch the _ODBCConfig_ program and configure the connection.


After setting it up, you can use _DataManager_ to test your login and work on your AS/400 DB.

csvde

So the other day a colleague at work asks about exporting data from Active Directory in csv format, in order to push it on to a DB on an AS/400 box. Given that I need to change the separator and that I need to change the encoding of the output file, in order to get some extra flexibility, I just hacked up my own script adcsvdump.cs ... works pretty much out of the box with just small .config tweaking needed for your setup.

Paolo Conte - Avanti Bionda