Today I was troubleshooting an issue with Apache and LDAP authentication via the OpenLDAP server. I had copied an existing configuration to a new system (Debian Etch to Ubuntu 10.04). Most everything was working (logins via PAM and LDAP, and the like). However, authentication via Apache’s LDAP BasicAuth was not working.

Error logs were returning errors like “Object not found.” I set OpenLDAP’s log level to 256 and started watching the logs. I still wasn’t seeing anything jump out. With the help of JoBbZ on #openldap, I finally realized that Apache was trying to connect over IPv6. When it did so, the IP address was ::1, not the 127.0.0.1 to which we had given anonymous search permission. Adding “peername.ipv6=::1 read” to the appropriate “access” stanza fixed everything right up.
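For readers hitting the same symptom, here is what the relevant slapd.conf access stanza looks like before and after the fix. This is an added example, not the author’s configuration: the base DN and the subtree scope are assumptions, and the trailing “by * none” stands in for whatever default the real stanza ends with.

```conf
# slapd.conf access control (added example, not the original post's config).
# The DN below is a placeholder; replace the first stanza with the second,
# do not keep both (slapd applies the first "access to" clause that matches).

# Before: only the IPv4 loopback may search anonymously. A client that
# resolves "localhost" to ::1 and connects over IPv6 does not match this
# rule and falls through to "by * none", so its searches come back empty
# ("Object not found" on the Apache side).
access to dn.subtree="ou=people,dc=example,dc=com"
        by peername.ip=127.0.0.1 read
        by * none

# After: grant the IPv6 loopback the same read access as the IPv4 one.
access to dn.subtree="ou=people,dc=example,dc=com"
        by peername.ip=127.0.0.1 read
        by peername.ipv6=::1 read
        by * none
```

To confirm which address a client is actually using, compare an anonymous `ldapsearch -x -H ldap://localhost/` against `ldapsearch -x -H ldap://127.0.0.1/`: with the “before” stanza only the second returns entries. At log level 256 the peer address also appears in slapd’s connection ACCEPT line, which is the quickest place to spot a `[::1]` client when you expected 127.0.0.1. Keeping both loopback rules explicit is preferable to relying on a particular resolution order for “localhost”, since that order differs between distributions and releases.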

