You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Chris Strasburg <cs...@ameslab.gov> on 2003/07/31 23:21:58 UTC
[users@httpd] mod_auth_ldap, frontpagehack, and AuthUserFile question:
Hello everyone,
I need a little help integrating rtr's frontpage module and
mod_auth_ldap. The frontpage authentication works just fine using users
and groups from the automatically setup local auth files, but when I
follow the instructions on the mod_auth_ldap documentation page to use
the frontpage hack, no ldap authentication is attempted.
After munging around in the .htaccess files I found that ldap
authentication will be attempted ONLY if I remove the AuthUserFile
directive. However, as expected, ANY ldap user is then allowed access,
whether or not they have been added as an author to the frontpage web.
I'm using RHL8.0 with Apache 2.0.47 built against openldap-2.0.27-2.8.0.
I'm also using nss_ldap for system level authentication and
information lookups.
Here is what my .htaccess file looks like:
=========================
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthType Basic
AuthName webDevelopment
AuthLDAPURL
"ldap://our.ldap.server:389/o=ourorg,c=ourc?cn?sub?(objectClass=*)"
AuthLDAPAuthoritative off
AuthLDAPFrontPageHack on
AuthUserFile /web/internal/_vti_pvt/service.pwd
AuthGroupFile /web/internal/_vti_pvt/service.grp
=========================
Thanks in advance!
--
Chris Strasburg
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, frontpagehack, and AuthUserFile question:
Posted by SAQIB <sa...@seagate.com>.
yea you can not specify user auth file along if you want to use
mod_auth_ldap
Saqib Ali
---------
http://www.xml-dev.com
On Thu, 31 Jul 2003, Chris Strasburg wrote:
> I was thinking the frontpagehack directive took care of that by using
> the usernames stored in the user auth file? My only problem is when the
> user auth file is specified, the ldap module no longer seems to be
> used to do the authentication!
>
> Thanks for the response!
>
> SAQIB wrote:
> > You need to use the Require User Directive
> > e.g.
> >
> > Require user 223344 556677 889900 ....
> >
> > where 223344 556677 and are UIDs from the LDAP
> >
> > if you use require valid-user, the auth_module will allow all the
> > authenticated uers.
> >
> > Saqib Ali
> > ---------
> > http://www.xml-dev.com
>
>
>
> --
> Chris Strasburg
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, frontpagehack,
and AuthUserFile question:
Posted by Chris Strasburg <cs...@ameslab.gov>.
I was thinking the frontpagehack directive took care of that by using
the usernames stored in the user auth file? My only problem is when the
user auth file is specified, the ldap module no longer seems to be
used to do the authentication!
Thanks for the response!
SAQIB wrote:
> You need to use the Require User Directive
> e.g.
>
> Require user 223344 556677 889900 ....
>
> where 223344 556677 and are UIDs from the LDAP
>
> if you use require valid-user, the auth_module will allow all the
> authenticated uers.
>
> Saqib Ali
> ---------
> http://www.xml-dev.com
--
Chris Strasburg
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, frontpagehack, and AuthUserFile question:
Posted by SAQIB <sa...@seagate.com>.
You need to use the Require User Directive
e.g.
Require user 223344 556677 889900 ....
where 223344 556677 and are UIDs from the LDAP
if you use require valid-user, the auth_module will allow all the
authenticated uers.
Saqib Ali
---------
http://www.xml-dev.com
On Thu, 31 Jul 2003, Chris Strasburg wrote:
> Hello everyone,
>
> I need a little help integrating rtr's frontpage module and
> mod_auth_ldap. The frontpage authentication works just fine using users
> and groups from the automatically setup local auth files, but when I
> follow the instructions on the mod_auth_ldap documentation page to use
> the frontpage hack, no ldap authentication is attempted.
>
> After munging around in the .htaccess files I found that ldap
> authentication will be attempted ONLY if I remove the AuthUserFile
> directive. However, as expected, ANY ldap user is then allowed access,
> whether or not they have been added as an author to the frontpage web.
>
> I'm using RHL8.0 with Apache 2.0.47 built against openldap-2.0.27-2.8.0.
> I'm also using nss_ldap for system level authentication and
> information lookups.
>
> Here is what my .htaccess file looks like:
>
> =========================
> # -FrontPage-
>
> IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
>
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from all
> require valid-user
> </Limit>
> <Limit PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthType Basic
> AuthName webDevelopment
> AuthLDAPURL
> "ldap://our.ldap.server:389/o=ourorg,c=ourc?cn?sub?(objectClass=*)"
> AuthLDAPAuthoritative off
> AuthLDAPFrontPageHack on
> AuthUserFile /web/internal/_vti_pvt/service.pwd
> AuthGroupFile /web/internal/_vti_pvt/service.grp
>
> =========================
>
> Thanks in advance!
>
> --
> Chris Strasburg
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org