I think I have my .conf file settings correct, but it seems that I can't validate my password. I know the password is correct because I've logged in with it. Looking at the Apache logs, it looks as though Apache is able to query the LDAP server, but it can't match the passwords.
[Wed Feb 10 10:51:53 2010] [debug] mod_authnz_ldap.c(377): [client 10.0.x.x] [1544] auth_ldap authenticate: using URL ldap://ldapserver:389/DC=corp,DC=example,DC=net
[Wed Feb 10 10:51:53 2010] [warn] [client 10.0.x.x] [1544] auth_ldap authenticate: user jdoe authentication failed; URI /sitejunk [LDAP: ldap_simple_bind_s() failed][Invalid Credentials]
[Wed Feb 10 10:51:53 2010] [error] [client 10.0.x.x] user jdoe: authentication failure for "/sitejunk": Password Mismatch
Here's what the httpd.conf looks like:
<Location /sitejunk>
    # Where to search for the user: base DN, attribute matched against the login name, scope, filter
    AuthLDAPURL "ldap://ldapserver:389/OU=Operations Support,OU=Distribution Lists,OU=Groups,OU=New Structure,DC=corp,DC=example,DC=net?sAMAccountName?sub?(objectClass=*)"
    # Account Apache binds as to run that search before re-binding as the user
    AuthLDAPBindDN "cn=John Doe,OU=Operations Support,OU=Distribution Lists,OU=Groups,OU=New Structure,DC=corp,DC=example,DC=net"
    AuthLDAPBindPassword "password"
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Please provide your windows logon credentials to continue."
    Require valid-user
</Location>
It looks like I was trying to use the wrong DN. I thought the tree order was something like
CN=John Doe,OU=Operations Support,OU=Distribution Lists...
but it was actually
CN=John Doe,OU=User Accounts...
So, I really just wasn't aware of the AD structure.
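The mistake in this thread, a search base and bind DN pointing at an OU the account does not live under, can be caught before restarting Apache. The following is an added example, not code from the post or from mod_authnz_ldap: it parses an AuthLDAPURL into base DN, attribute, scope and filter, builds the search filter in the shape the mod_authnz_ldap documentation describes (`(&(filter)(attribute=login))`, with the login name escaped), and checks whether a given object DN could ever be returned by a search with that base and scope. DN comparison is simplified (lowercased types and values, no multi-valued RDNs), and the "real" user DN and corrected URL are constructed samples, since the answer only shows a prefix of the real DN.

```python
import re

# Escapes required inside an LDAP search filter (RFC 4515). mod_authnz_ldap
# escapes the login name the same way before searching for the user.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the structure of the search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL (ldap://host:port/basedn?attribute?scope?filter) into its parts.
    Missing fields get the mod_authnz_ldap defaults: uid, sub, (objectClass=*)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    hostport, _, rest = rest.partition("/")
    host, _, port = hostport.partition(":")
    base_dn, _, query = rest.partition("?")
    fields = query.split("?", 2)          # at most: attribute, scope, filter
    fields += [""] * (3 - len(fields))
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": base_dn,
        "attribute": fields[0] or "uid",
        "scope": fields[1].lower() or "sub",
        "filter": fields[2] or "(objectClass=*)",
    }


def build_search_filter(cfg, username):
    """Filter the module issues to locate the user's DN: (&(<filter>)(<attribute>=<login>))."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))


def parse_dn(dn):
    """Split a DN into normalised (type, value) RDN pairs, leaf first.
    Attribute types and AD values compare case-insensitively, so both are lowercased.
    Escaped commas (\\,) inside a value are preserved; multi-valued RDNs (a+b) are not handled."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr_type, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
        rdns.append((attr_type.strip().lower(), value.strip().lower()))
    return rdns


def dn_in_scope(entry_dn, base_dn, scope):
    """True if a search with this base and scope can return entry_dn at all."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False                      # not under the base at all
    depth = len(entry) - len(base)
    if scope == "base":
        return depth == 0                 # only the base object itself
    if scope == "one":
        return depth == 1                 # immediate children of the base
    return True                           # "sub": the base and everything below it


def check_config(url, user_dn, username):
    """Static checks an admin can run before touching Apache: what filter will be sent,
    and can the configured base/scope ever find an object that lives at user_dn?"""
    cfg = parse_auth_ldap_url(url)
    return {
        "search_filter": build_search_filter(cfg, username),
        "user_dn_under_base": dn_in_scope(user_dn, cfg["base_dn"], cfg["scope"]),
    }


# URL copied from the thread's httpd.conf; the other two values are constructed samples
# (the answer only shows the prefix CN=John Doe,OU=User Accounts...).
THREAD_URL = ("ldap://ldapserver:389/OU=Operations Support,OU=Distribution Lists,OU=Groups,"
              "OU=New Structure,DC=corp,DC=example,DC=net?sAMAccountName?sub?(objectClass=*)")
REAL_USER_DN = "CN=John Doe,OU=User Accounts,DC=corp,DC=example,DC=net"          # constructed
CORRECTED_URL = ("ldap://ldapserver:389/OU=User Accounts,DC=corp,DC=example,DC=net"
                 "?sAMAccountName?sub?(objectClass=*)")                          # constructed

if __name__ == "__main__":
    for label, url in (("thread", THREAD_URL), ("corrected", CORRECTED_URL)):
        print(label, check_config(url, REAL_USER_DN, "jdoe"))
```

With the thread's URL the check reports `user_dn_under_base: False`: an account under `OU=User Accounts` is never found by a search rooted at `OU=Operations Support,OU=Distribution Lists,...`, no matter how correct the password is. The same test applied to the AuthLDAPBindDN tells you whether the service account can even exist under the OU you wrote. Once the DNs look right on paper, confirm them against the directory with the OpenLDAP client, e.g. `ldapsearch -x -H ldap://ldapserver:389 -D "<bind DN>" -W -b "<base DN>" "(sAMAccountName=jdoe)" dn`; a bind failure there is the same "Invalid Credentials" Apache logged, without the web server in the way.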