You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Rob Tanner <rt...@linfield.edu> on 2007/03/27 18:26:17 UTC

[users@httpd] Problems with LDAP and Basic Authentication

Hi,

I'm having problems with LDAP authentication.  What worked in Apache
v2.0.53 does not work in Apache v2.2.4 and I assume that the difference
is actually between mod_auth_ldap.c and mod_authnz_ldap.c.  Below is an
example of an LDAP configuration that works with the older server
(w/mod_auth_ldap.c ):

<Location /soan>
        AuthLDAPUrl ldap://biblio.linfield.edu:389/o=linfield.edu?uid
        AuthLDAPBindDN "cn=Postfix,ou=Special Users,o=linfield.edu"
        AuthLDAPBindPassword secret
        AuthName "Sociology and Anthropology"
        AuthType Basic
        DAV On
        ForceType text/plain
        <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE
LOCK UNLOCK>
                Require group cn=webdav.soan, ou=webdav, o=linfield.edu
        </Limit>
        AllowOverride None
</Location>

What changes are necessary to use this with Apache 2.2.4 and
mod_authnz_ldap.c?

Thanks,
Rob


-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

Re: [users@httpd] Problems with LDAP and Basic Authentication

Posted by Rob Tanner <rt...@linfield.edu>.

Ah, the missing piece: "AuthBasicProvider ldap"  Thanks.

-- Rob

Ricardo Stella said the following on 03/27/2007 10:19 AM:
> Rob Tanner wrote:
>   
>> Hi,
>>
>> I'm having problems with LDAP authentication.  What worked in Apache
>> v2.0.53 does not work in Apache v2.2.4 and I assume that the difference
>> is actually between mod_auth_ldap.c and mod_authnz_ldap.c.  Below is an
>> example of an LDAP configuration that works with the older server
>> (w/mod_auth_ldap.c ):
>>
>> <Location /soan>
>>         AuthLDAPUrl ldap://biblio.linfield.edu:389/o=linfield.edu?uid
>>         AuthLDAPBindDN "cn=Postfix,ou=Special Users,o=linfield.edu"
>>         AuthLDAPBindPassword secret
>>         AuthName "Sociology and Anthropology"
>>         AuthType Basic
>>         DAV On
>>         ForceType text/plain
>>         <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE
>> LOCK UNLOCK>
>>                 Require group cn=webdav.soan, ou=webdav, o=linfield.edu
>>         </Limit>
>>         AllowOverride None
>> </Location>
>>
>> What changes are necessary to use this with Apache 2.2.4 and
>> mod_authnz_ldap.c?
>>
>> Thanks,
>> Rob
>>
>>
>>   
>>     
> What works for us is (I have anon bind enabled):
>
> <Directory "/path-to-htdocs/ldap-secured">
>     Options FollowSymLinks
>     AllowOverride None
> AuthName "LDAP authentication"
> AuthType Basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthLDAPURL "ldap://localhost:389/o=your_own_base?uid?sub?"
> require valid-user
> </Directory>
>
>
>
>   
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Problems with LDAP and Basic Authentication

Posted by Ricardo Stella <st...@rider.edu>.


Rob Tanner wrote:
> Hi,
>
> I'm having problems with LDAP authentication.  What worked in Apache
> v2.0.53 does not work in Apache v2.2.4 and I assume that the difference
> is actually between mod_auth_ldap.c and mod_authnz_ldap.c.  Below is an
> example of an LDAP configuration that works with the older server
> (w/mod_auth_ldap.c ):
>
> <Location /soan>
>         AuthLDAPUrl ldap://biblio.linfield.edu:389/o=linfield.edu?uid
>         AuthLDAPBindDN "cn=Postfix,ou=Special Users,o=linfield.edu"
>         AuthLDAPBindPassword secret
>         AuthName "Sociology and Anthropology"
>         AuthType Basic
>         DAV On
>         ForceType text/plain
>         <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE
> LOCK UNLOCK>
>                 Require group cn=webdav.soan, ou=webdav, o=linfield.edu
>         </Limit>
>         AllowOverride None
> </Location>
>
> What changes are necessary to use this with Apache 2.2.4 and
> mod_authnz_ldap.c?
>
> Thanks,
> Rob
>
>
>   
What works for us is (I have anon bind enabled):

<Directory "/path-to-htdocs/ldap-secured">
    Options FollowSymLinks
    AllowOverride None
AuthName "LDAP authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://localhost:389/o=your_own_base?uid?sub?"
require valid-user
</Directory>



-- 

°(((=((===°°°(((===========================================