Posted to users@httpd.apache.org by "Smith, Mitchell" <mi...@cwc.com> on 2013/05/01 15:52:46 UTC

[users@httpd] Issues Implementing ldap authentication.

Hi,

I am trying to implement ldap authentication into my configuration for svn
running under apache2.2 (httpd2.2.24) running on Linux.

I have the following configuration, but it appears that it always fails to
call the ldap server.

        <IfModule dav_svn_module>
                <Location />
                        DAV svn
                        SVNParentPath /opt/subversion/repos
                        SVNListParentPath On
                        AuthzSVNAccessFile /opt/subversion/svnaccess
                        AuthzLDAPAuthoritative off
                        AuthBasicProvider ldap
                        AuthType Digest
                        AuthName "DOMAIN.COM"
                        AuthLDAPBindDN "CN=TestSVN,OU=Users - Users,OU=Accounts,DC=CWIHQ,DC=CWIGINTRA,DC=COM"
                        AuthLDAPBindPassword "Password"
                        AuthLDAPURL "ldap://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)"
                        Require valid-user
                        # AuthUserFile /usr/subversion/apache2/conf.d/svnAuthBlank
                </Location>
        </IfModule>

It appears that ldap is never called, and the authentication attempts to
fall back to the AuthUserFile, which I do not want.

I have checked multiple tutorials online and cannot see where I am going
wrong. If I un-comment the AuthUserFile it fails to authenticate as the
user does not exist in the file.

Can anyone assist with this?

Thanks

-- 
Mitchell Smith

The information contained in this email (and any attachments) is confidential and may be privileged. If you are not the intended recipient
and have received this email in error, please notify the sender immediately by reply email and delete the message and any attachments.
If you are not the named addressee, you must not copy, disclose, forward or otherwise use the information contained in this email.
Cable & Wireless Communications Plc and its affiliates reserve the right to monitor all email communications through their networks to
ensure regulatory compliance.
 
Cable & Wireless Communications Plc is a company registered in England & Wales with number:
07130199 and offices located at 3rd Floor, 26 Red Lion Square, London WC1R 4HQ

Re: [users@httpd] Issues Implementing ldap authentication.

Posted by Eric Covener <co...@gmail.com>.
On Mon, May 6, 2013 at 6:42 AM, Vishesh kumar <li...@gmail.com> wrote:
> I wonder, if we can use SASL mechanism here for authenticating via LDAP.

Doubtful. I don't think web browsers nor Apache do SASL.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Issues Implementing ldap authentication.

Posted by Vishesh kumar <li...@gmail.com>.
I wonder, if we can use SASL mechanism here for authenticating via LDAP.

Thanks
Vishesh Kumar

On Wed, May 1, 2013 at 11:01 PM, Eric Covener <co...@gmail.com> wrote:
> Ldap only supports basic auth, not digest.



-- 
http://linuxmantra.com



Re: [users@httpd] Issues Implementing ldap authentication.

Posted by Eric Covener <co...@gmail.com>.
Ldap only supports basic auth, not digest.

Re: [users@httpd] Issues Implementing ldap authentication.

Posted by "david@ecker-software.de" <da...@ecker-software.de>.
Hi,

the documentation for AuthzLDAPAuthoritative:
 <snip>Prevent other authentication modules from authenticating the user if this
one fails</snip>

Default is on but you did set it to off, why? If ldap fails another
authorization will be tried.

The main problem should be the line <snip> AuthType Digest</snip>. As far as I
know you can use digest/MD5 password encryption with file authentication but
not with LDAP. LDAP requires basic authentication. But beware that without any
other security mechanism like VPN or SSL a simple network sniffer will be able
to get the passwords from the network stream.

bye,
David

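The two points from the replies above, as an added example that is not from any poster in the thread: a small Python lint run over the posted `<Location>` directives (trimmed to the auth-related lines) and two variants of them. The finding codes and variable names are hypothetical, and `SSLRequireSSL` is mod_ssl's directive, not part of the original configuration.

```python
# Added example: lint an Apache 2.2 auth block for the two problems raised in this thread.
POSTED = """\
<Location />
    AuthzLDAPAuthoritative off
    AuthBasicProvider ldap
    AuthType Digest
    AuthName "DOMAIN.COM"
    AuthLDAPURL "ldap://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)"
    Require valid-user
</Location>
"""
# Two variants: the fix from the replies, then that fix plus mod_ssl's SSLRequireSSL.
BASIC = POSTED.replace("AuthType Digest", "AuthType Basic")
BASIC_TLS = BASIC.replace("Require valid-user", "SSLRequireSSL\n    Require valid-user")


def directives(block):
    """Return {lower-cased directive: [argument strings]}, skipping comments and <Section> tags."""
    found = {}
    for raw in block.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, _, args = line.partition(" ")
        found.setdefault(name.lower(), []).append(args.strip())
    return found


def lint(block):
    """Return a list of finding codes (hypothetical names) for one auth block."""
    d = directives(block)
    auth_type = d.get("authtype", [""])[-1].lower()
    basic_providers = " ".join(d.get("authbasicprovider", [])).lower().split()
    findings = []
    # AuthBasicProvider is read only by mod_auth_basic; under AuthType Digest,
    # mod_auth_digest uses AuthDigestProvider (default: file), so ldap is never called.
    if "ldap" in basic_providers and auth_type != "basic":
        findings.append("ldap-provider-ignored")
    # Basic auth sends the password base64-encoded on every request, so flag a block
    # that does not require TLS (a VPN, as the reply notes, is invisible to this check).
    if auth_type == "basic" and "sslrequiressl" not in d:
        findings.append("basic-without-tls")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("basic", BASIC), ("basic+tls", BASIC_TLS)):
        print(label, lint(cfg))
```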