You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rob Tanner <rt...@linfield.edu> on 2007/09/11 05:27:36 UTC
[users@httpd] Having problems getting mod_authnz_ldap to work right
Hi,
I upgraded from Apace 2.0.53 to 2.2.4 and from mod_auth_ldap to
mod_authnz_ldap and that's where my troubles began. I have one
protected directory that anyone with an LDAP entry should be able to
access, but something is failing in the process and Apache is not
providing in helpful logs (when I deliberately mistype my password I get
an error in the error_log but other times no log)
Here's the configuration on the old server that does work:
<Directory /var/apache/html/support/protected>
SSLRequireSSL
AuthLDAPUrl ldap://biblio.linfield.edu:389/o=linfield.edu?uid
AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
AuthLDAPBindPassword "secret"
AuthName "Protected"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
Here's my attempted mod_authnz_ldap configuration:
<Directory /var/apache/html/support/protected>
SSLRequireSSL
AuthBasicProvider ldap
AuthLDAPURL ldap://biblio.linfield.edu:389/o=linfield.edu?uid
AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
AuthLDAPBindPassword "secret"
AuthName "Protected"
AuthType Basic
<Limit GET>
Require valid-user
</Limit>
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
Can someone please tell me what's missing?
Thanks,
Rob
--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Having problems getting mod_authnz_ldap to work right
Posted by Eric Covener <co...@gmail.com>.
On 9/10/07, Rob Tanner <rt...@linfield.edu> wrote:
> Hi,
>
> I upgraded from Apace 2.0.53 to 2.2.4 and from mod_auth_ldap to
> mod_authnz_ldap and that's where my troubles began. I have one
> protected directory that anyone with an LDAP entry should be able to
> access, but something is failing in the process and Apache is not
> providing in helpful logs (when I deliberately mistype my password I get
> an error in the error_log but other times no log)
> Here's my attempted mod_authnz_ldap configuration:
> <Directory /var/apache/html/support/protected>
> SSLRequireSSL
> AuthBasicProvider ldap
> AuthLDAPURL ldap://biblio.linfield.edu:389/o=linfield.edu?uid
> AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
> AuthLDAPBindPassword "secret"
> AuthName "Protected"
> AuthType Basic
> <Limit GET>
> Require valid-user
> </Limit>
> Options Indexes FollowSymLinks
> AllowOverride None
> </Directory>
>
In 2.2.4 you might need to set 'AuthZLDAPAuthoritative off' to use
require valid-user.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43281
(but you should have seen some kind of errorlog entry for this failure)
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org