You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Melanie Pfefer <me...@yahoo.co.uk> on 2009/08/19 10:45:14 UTC
[users@httpd] 'require' keyword
Hi,
I want to check 2 things here regarding 'require' keyword.
I have this directive:
<Location /svn/ABC/XYZ>
DAV svn
SVNParentPath /jupiter/export/ABC/XYZ/
AuthBasicProvider ldap
AuthLDAPUrl ldap://....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
....
</Location>
Now if I want to restrict a directoy under XYZ: /svn/ABC/XYZ/123 and give access to specific ldap users, should I proceed this way:
create a new directive:
<Location /svn/ABC/XYZ/123>
DAV svn
SVNParentPath /jupiter/export/ABC/XYZ/123
AuthBasicProvider ldap
AuthLDAPUrl ldap://....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user <--- change here to Require followed by the ldap username. Repeat this for all users
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
....
</Location>
Let me know if this is true.
Also, this requires a graceful restart so I need to know whether having an external file can replace the require keyword and the restart.
thank you
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Aug 20, 2009 at 11:36 AM, Eric Covener<co...@gmail.com> wrote:
> Any htaccess or locationmatch possibly getting in the way?
htaccess wouldn't get in the way...
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
Any htaccess or locationmatch possibly getting in the way?
Can you eliminate the merging of the two sections, by creating some
test directory outside of the first prefix and see if it still
misbehaves?
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Sep 3, 2009 at 9:20 AM, John P.
Dodge<do...@cruciate.ca.boeing.com> wrote:
> When using "valid-user" You need:
>
> AuthLDAPAuthorative off
Not in the last 6 releases, and the symptom there is auth failure not
short-circuting authentication.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by "John P. Dodge" <do...@cruciate.ca.boeing.com>.
On Wed, 2 Sep 2009, Tom Evans wrote:
> On Wed, 2009-09-02 at 15:23 +0000, Melanie Pfefer wrote:
>> Hi
>>
>> The config file looks like
>>
>> <Location /svn/XYZ/ABC/>
>> DAV svn
>> SVNParentPath ...
>> Options FollowSymLinks
>> AuthBasicProvider ldap
>> AuthLDAPUrl ...
>> <LimitExcept GET PROPFIND OPTIONS REPORT>
>> Require valid-user
>> </LimitExcept>
>> AuthType Basic
>> AuthName "Please enter your credentials"
>> ....
>> </Location>
>>
>> I am wondering why I am not asked to authenticate on the browser.
>>
>> thanks
>
> Wouldn't your browser be issuing GET requests? Check your access log.
> Your conf says to not require authentication for GET requests.
>
> Cheers
>
> Tom
>
>
When using "valid-user" You need:
AuthLDAPAuthorative off
----------------------------------------
"Mon aéroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services
Re: [users@httpd] 'require' keyword
Posted by Tom Evans <te...@googlemail.com>.
On Wed, 2009-09-02 at 15:23 +0000, Melanie Pfefer wrote:
> Hi
>
> The config file looks like
>
> <Location /svn/XYZ/ABC/>
> DAV svn
> SVNParentPath ...
> Options FollowSymLinks
> AuthBasicProvider ldap
> AuthLDAPUrl ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> AuthType Basic
> AuthName "Please enter your credentials"
> ....
> </Location>
>
> I am wondering why I am not asked to authenticate on the browser.
>
> thanks
Wouldn't your browser be issuing GET requests? Check your access log.
Your conf says to not require authentication for GET requests.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi
The config file looks like
<Location /svn/XYZ/ABC/>
DAV svn
SVNParentPath ...
Options FollowSymLinks
AuthBasicProvider ldap
AuthLDAPUrl ...
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
....
</Location>
I am wondering why I am not asked to authenticate on the browser.
thanks
--- On Wed, 2/9/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Wednesday, 2 September, 2009, 5:27 PM
> On Wed, Sep 2, 2009 at 10:09 AM,
> Melanie
> Pfefer<me...@yahoo.co.uk>
> wrote:
> > thanks.
> > In what cases Require valid-user does not ask for an
> authentication?
> >
> > This is my case here.
>
> If you configure basic authentication with Require
> valid-user, you
> will be prompted for credentials.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Wed, Sep 2, 2009 at 10:09 AM, Melanie
Pfefer<me...@yahoo.co.uk> wrote:
> thanks.
> In what cases Require valid-user does not ask for an authentication?
>
> This is my case here.
If you configure basic authentication with Require valid-user, you
will be prompted for credentials.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
thanks.
In what cases Require valid-user does not ask for an authentication?
This is my case here.
thanks again
--- On Wed, 2/9/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Wednesday, 2 September, 2009, 4:49 PM
> On Wed, Sep 2, 2009 at 9:44 AM,
> Melanie
> Pfefer<me...@yahoo.co.uk>
> wrote:
> > Hi
> >
> > I have ldap integrated with apache
> >
> > what's the difference between require valid-user and
> require user
> >
> > Why when I have require valid-user, no
> authentication is required
>
> "user" is followed by a specific user or users, who have to
> match the
> specific username that was successfully authenticated.
> "valid-user" means any username that had been successfully
> authenticated.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Wed, Sep 2, 2009 at 9:44 AM, Melanie
Pfefer<me...@yahoo.co.uk> wrote:
> Hi
>
> I have ldap integrated with apache
>
> what's the difference between require valid-user and require user
>
> Why when I have require valid-user, no authentication is required
"user" is followed by a specific user or users, who have to match the
specific username that was successfully authenticated.
"valid-user" means any username that had been successfully authenticated.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi
I have ldap integrated with apache
what's the difference between require valid-user and require user
Why when I have require valid-user, no authentication is required
thanks
--- On Fri, 21/8/09, Melanie Pfefer <me...@yahoo.co.uk> wrote:
> From: Melanie Pfefer <me...@yahoo.co.uk>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Friday, 21 August, 2009, 4:32 PM
> Hi,
>
> I tried to change the AuthName but I got the same behavior:
> Forbidden
> The methid is GET (since I am only accessing the page from
> a browser): "GET /svn/ABC/XYZ/123 HTTP/1.0" 403 221
>
> thanks in advance
> --- On Fri, 21/8/09, André Warnier <aw...@ice-sa.com>
> wrote:
>
> > From: André Warnier <aw...@ice-sa.com>
> > Subject: Re: [users@httpd] 'require' keyword
> > To: users@httpd.apache.org
> > Date: Friday, 21 August, 2009, 3:17 PM
> > Melanie Pfefer wrote:
> > > Hi
> > >
> > > I meant Eric's suggestion.
> > >
> > > But, I sent the email too fast. In fact, I am
> not
> > prompted for authentication when I create a new and
> seperate
> > location even though the Require user was put for that
> new
> > location.
> > >
> > > In fact I just noticed that I have also:
> > >
> > > <Location /svn/ABC/>
> > > with the same ldap settings (require valid-user)
> > >
> > Getting back to some basics :
> > With "Basic Authentication" (which is what you are
> using,
> > despite the fact that your back-end is an LDAP
> server), the
> > directive "AuthName" is important.
> > Basically, any Location sections for which you use the
> same
> > AuthName, is considered by the server and the browser
> as
> > "one domain", and an authentication for one of these
> > Locations is valid for all the Locations that have the
> same
> > AuthName.
> > That is why, if a user authenticates once for a
> specific
> > Location that has an "Authname X", and then accesses
> another
> > Location that also has an "AuthName X", the user will
> not be
> > asked to authenticate again, and his previous
> authentication
> > will be "re-used".
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi,
I tried to change the AuthName but I got the same behavior: Forbidden
The methid is GET (since I am only accessing the page from a browser): "GET /svn/ABC/XYZ/123 HTTP/1.0" 403 221
thanks in advance
--- On Fri, 21/8/09, André Warnier <aw...@ice-sa.com> wrote:
> From: André Warnier <aw...@ice-sa.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Friday, 21 August, 2009, 3:17 PM
> Melanie Pfefer wrote:
> > Hi
> >
> > I meant Eric's suggestion.
> >
> > But, I sent the email too fast. In fact, I am not
> prompted for authentication when I create a new and seperate
> location even though the Require user was put for that new
> location.
> >
> > In fact I just noticed that I have also:
> >
> > <Location /svn/ABC/>
> > with the same ldap settings (require valid-user)
> >
> Getting back to some basics :
> With "Basic Authentication" (which is what you are using,
> despite the fact that your back-end is an LDAP server), the
> directive "AuthName" is important.
> Basically, any Location sections for which you use the same
> AuthName, is considered by the server and the browser as
> "one domain", and an authentication for one of these
> Locations is valid for all the Locations that have the same
> AuthName.
> That is why, if a user authenticates once for a specific
> Location that has an "Authname X", and then accesses another
> Location that also has an "AuthName X", the user will not be
> asked to authenticate again, and his previous authentication
> will be "re-used".
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Melanie Pfefer wrote:
> Hi
>
> I meant Eric's suggestion.
>
> But, I sent the email too fast. In fact, I am not prompted for authentication when I create a new and seperate location even though the Require user was put for that new location.
>
> In fact I just noticed that I have also:
>
> <Location /svn/ABC/>
> with the same ldap settings (require valid-user)
>
Getting back to some basics :
With "Basic Authentication" (which is what you are using, despite the
fact that your back-end is an LDAP server), the directive "AuthName" is
important.
Basically, any Location sections for which you use the same AuthName, is
considered by the server and the browser as "one domain", and an
authentication for one of these Locations is valid for all the Locations
that have the same AuthName.
That is why, if a user authenticates once for a specific Location that
has an "Authname X", and then accesses another Location that also has an
"AuthName X", the user will not be asked to authenticate again, and his
previous authentication will be "re-used".
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Fri, Aug 21, 2009 at 7:22 AM, Melanie
Pfefer<me...@yahoo.co.uk> wrote:
> Hi
>
> Just to note these 2 conf:
>
> with this config, I directly get Forbidden 403
>
> <Location /svn/XYZ/ABC/123>
> DAV svn
> SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/123/
> Options FollowSymLinks
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://.....
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require user user1
> Require user user2
> </LimitExcept>
> ....
> </Location>
>
>
> With this config (without LimitExcept), I am prompted for a password then get Forbidden 403
>
> <Location /svn/XYZ/ABC/123>
> DAV svn
> SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/123/
> Options FollowSymLinks
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://.....
> Require user user1
> Require user user2
> ....
> </Location>
>
>
> Nothing shows in log except:
>
> Could not fetch resource information. [403, #0]
> No such file or directory: The URI does not contain the name of a repository. [403, #190001]
> Could not fetch resource information. [403, #0]
> Invalid argument: Requests for a collection must have a trailing slash on the URI. [301, #0]
These appear to be subversion, not the normal auth directives.
You mention LimitExcept coming into play, but you didn't show the
request method in use. See the access log, but if it's working as
expected I'd forget about it.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi
Just to note these 2 conf:
with this config, I directly get Forbidden 403
<Location /svn/XYZ/ABC/123>
DAV svn
SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/123/
Options FollowSymLinks
AuthBasicProvider ldap
AuthLDAPUrl ldap://.....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require user user1
Require user user2
</LimitExcept>
....
</Location>
With this config (without LimitExcept), I am prompted for a password then get Forbidden 403
<Location /svn/XYZ/ABC/123>
DAV svn
SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/123/
Options FollowSymLinks
AuthBasicProvider ldap
AuthLDAPUrl ldap://.....
Require user user1
Require user user2
....
</Location>
Nothing shows in log except:
Could not fetch resource information. [403, #0]
No such file or directory: The URI does not contain the name of a repository. [403, #190001]
Could not fetch resource information. [403, #0]
Invalid argument: Requests for a collection must have a trailing slash on the URI. [301, #0]
--- On Fri, 21/8/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org, aw@ice-sa.com
> Date: Friday, 21 August, 2009, 2:01 PM
> On Fri, Aug 21, 2009 at 6:43 AM,
> André Warnier<aw...@ice-sa.com>
> wrote:
> > Just another little point, Melanie : when you send a
> reply to a message on
> > the list, use the "Reply" button, not the "Reply all"
> button.
> > We are all subscribed to the list, which means that we
> get a copy of each
> > message sent to the list.
> > If in addition, you send the reply back to the
> original poster also, then
> > this poster gets two copies of each message, which is
> annoying.
> > Thanks.
>
> André,
>
> Something about your mail client encourages this. When I
> click "reply"
> for your message specifically, gmail prepopulates the To:
> field with
> the users@ and your specific mail address.
>
> I don't know much about mail, but i see your Reply-To is
> set to your
> email address while others on the list show as the list
> itself.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Fri, Aug 21, 2009 at 6:43 AM, André Warnier<aw...@ice-sa.com> wrote:
> Just another little point, Melanie : when you send a reply to a message on
> the list, use the "Reply" button, not the "Reply all" button.
> We are all subscribed to the list, which means that we get a copy of each
> message sent to the list.
> If in addition, you send the reply back to the original poster also, then
> this poster gets two copies of each message, which is annoying.
> Thanks.
André,
Something about your mail client encourages this. When I click "reply"
for your message specifically, gmail prepopulates the To: field with
the users@ and your specific mail address.
I don't know much about mail, but i see your Reply-To is set to your
email address while others on the list show as the list itself.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Just another little point, Melanie : when you send a reply to a message
on the list, use the "Reply" button, not the "Reply all" button.
We are all subscribed to the list, which means that we get a copy of
each message sent to the list.
If in addition, you send the reply back to the original poster also,
then this poster gets two copies of each message, which is annoying.
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi
I meant Eric's suggestion.
But, I sent the email too fast. In fact, I am not prompted for authentication when I create a new and seperate location even though the Require user was put for that new location.
In fact I just noticed that I have also:
<Location /svn/ABC/>
with the same ldap settings (require valid-user)
Appreciate your help.
--- On Fri, 21/8/09, André Warnier <aw...@ice-sa.com> wrote:
> From: André Warnier <aw...@ice-sa.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Friday, 21 August, 2009, 1:25 PM
> Melanie,
>
> /WHAT/ works ? What Igor mentions below, or what Eric
> previously asked
> you to check ?
>
>
>
>
>
> Melanie Pfefer wrote:
> > Hi,
> >
> > In fact, this works but it does not suits my
> requriements.
> >
> > I have a loose restrictions on the parent folder but
> want to tighten the sublocation.
> >
> > Any hint please?
> >
> > thanks
> >
> > --- On Fri, 21/8/09, Igor Cicimov <ic...@gmail.com>
> wrote:
> >
> >> From: Igor Cicimov <ic...@gmail.com>
> >> Subject: Re: [users@httpd] 'require' keyword
> >> To: users@httpd.apache.org,
> aw@ice-sa.com
> >> Date: Friday, 21 August, 2009, 6:23 AM
> >> Hi,
> >>
> >> Have you tried the "Require ldap-user" and
> >> "Require ldap-group" commands since you are using
> >> ldap authentication and not passwd file?
> >>
> >> Cheers,
> >>
> >> Igor
> >>
> >>
> >>
> >>
> >> On Fri, Aug 21, 2009 at 6:12 AM, André Warnier
> <aw...@ice-sa.com>
> >> wrote:
> >>
> >> Melanie Pfefer wrote:
> >>
> >>
> >> Hi Eric,
> >>
> >>
> >>
> >> Could you please elaborate more on what you want
> me to
> >> test?
> >>
> >>
> >>
> >>
> >> I believe Eric would like you to test with two
> totally
> >> independent Location's, where one is not a
> sub-location
> >> of the other.
> >>
> >> Like /aaa and /bbb, not like /aaa and /aaa/bbb.
> >>
> >> The point is to check if your problem only happens
> when the
> >> one location is a subset of the other, or if it
> has to do
> >> with any of the other configuration directives or
> modules
> >> you are using.
> >>
> >>
> >>
> >> I have experienced in the past some difficulties
> also with
> >> AAA and imbricated directories/locations, because
> it is not
> >> always clear what the sub-location "inherits",
> and
> >> what it doesn't, from its "parent"
> >> location.
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> ---------------------------------------------------------------------
> >>
> >> The official User-To-User support forum of the
> Apache HTTP
> >> Server Project.
> >>
> >> See <URL:http://httpd.apache.org/userslist.html>
> >> for more info.
> >>
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>
> >> " from the
> digest: users-digest-unsubscribe@httpd.apache.org
> >>
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >>
> >>
> >>
> >>
> >
> > Send instant messages to your online friends http://uk.messenger.yahoo.com
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache..org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Melanie,
/WHAT/ works ? What Igor mentions below, or what Eric previously asked
you to check ?
Melanie Pfefer wrote:
> Hi,
>
> In fact, this works but it does not suits my requriements.
>
> I have a loose restrictions on the parent folder but want to tighten the sublocation.
>
> Any hint please?
>
> thanks
>
> --- On Fri, 21/8/09, Igor Cicimov <ic...@gmail.com> wrote:
>
>> From: Igor Cicimov <ic...@gmail.com>
>> Subject: Re: [users@httpd] 'require' keyword
>> To: users@httpd.apache.org, aw@ice-sa.com
>> Date: Friday, 21 August, 2009, 6:23 AM
>> Hi,
>>
>> Have you tried the "Require ldap-user" and
>> "Require ldap-group" commands since you are using
>> ldap authentication and not passwd file?
>>
>> Cheers,
>>
>> Igor
>>
>>
>>
>>
>> On Fri, Aug 21, 2009 at 6:12 AM, André Warnier <aw...@ice-sa.com>
>> wrote:
>>
>> Melanie Pfefer wrote:
>>
>>
>> Hi Eric,
>>
>>
>>
>> Could you please elaborate more on what you want me to
>> test?
>>
>>
>>
>>
>> I believe Eric would like you to test with two totally
>> independent Location's, where one is not a sub-location
>> of the other.
>>
>> Like /aaa and /bbb, not like /aaa and /aaa/bbb.
>>
>> The point is to check if your problem only happens when the
>> one location is a subset of the other, or if it has to do
>> with any of the other configuration directives or modules
>> you are using.
>>
>>
>>
>> I have experienced in the past some difficulties also with
>> AAA and imbricated directories/locations, because it is not
>> always clear what the sub-location "inherits", and
>> what it doesn't, from its "parent"
>> location.
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>>
>> The official User-To-User support forum of the Apache HTTP
>> Server Project.
>>
>> See <URL:http://httpd.apache.org/userslist.html>
>> for more info.
>>
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi,
In fact, this works but it does not suits my requriements.
I have a loose restrictions on the parent folder but want to tighten the sublocation.
Any hint please?
thanks
--- On Fri, 21/8/09, Igor Cicimov <ic...@gmail.com> wrote:
> From: Igor Cicimov <ic...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org, aw@ice-sa.com
> Date: Friday, 21 August, 2009, 6:23 AM
> Hi,
>
> Have you tried the "Require ldap-user" and
> "Require ldap-group" commands since you are using
> ldap authentication and not passwd file?
>
> Cheers,
>
> Igor
>
>
>
>
> On Fri, Aug 21, 2009 at 6:12 AM, André Warnier <aw...@ice-sa.com>
> wrote:
>
> Melanie Pfefer wrote:
>
>
> Hi Eric,
>
>
>
> Could you please elaborate more on what you want me to
> test?
>
>
>
>
> I believe Eric would like you to test with two totally
> independent Location's, where one is not a sub-location
> of the other.
>
> Like /aaa and /bbb, not like /aaa and /aaa/bbb.
>
> The point is to check if your problem only happens when the
> one location is a subset of the other, or if it has to do
> with any of the other configuration directives or modules
> you are using.
>
>
>
> I have experienced in the past some difficulties also with
> AAA and imbricated directories/locations, because it is not
> always clear what the sub-location "inherits", and
> what it doesn't, from its "parent"
> location.
>
>
>
>
>
>
> ---------------------------------------------------------------------
>
> The official User-To-User support forum of the Apache HTTP
> Server Project.
>
> See <URL:http://httpd.apache.org/userslist.html>
> for more info.
>
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
Send instant messages to your online friends http://uk.messenger.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Igor Cicimov <ic...@gmail.com>.
Hi,
Have you tried the "Require ldap-user" and "Require ldap-group" commands
since you are using ldap authentication and not passwd file?
Cheers,
Igor
On Fri, Aug 21, 2009 at 6:12 AM, André Warnier <aw...@ice-sa.com> wrote:
> Melanie Pfefer wrote:
>
>> Hi Eric,
>>
>> Could you please elaborate more on what you want me to test?
>>
>> I believe Eric would like you to test with two totally independent
> Location's, where one is not a sub-location of the other.
> Like /aaa and /bbb, not like /aaa and /aaa/bbb.
> The point is to check if your problem only happens when the one location is
> a subset of the other, or if it has to do with any of the other
> configuration directives or modules you are using.
>
> I have experienced in the past some difficulties also with AAA and
> imbricated directories/locations, because it is not always clear what the
> sub-location "inherits", and what it doesn't, from its "parent" location.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Melanie Pfefer wrote:
> Hi Eric,
>
> Could you please elaborate more on what you want me to test?
>
I believe Eric would like you to test with two totally independent
Location's, where one is not a sub-location of the other.
Like /aaa and /bbb, not like /aaa and /aaa/bbb.
The point is to check if your problem only happens when the one location
is a subset of the other, or if it has to do with any of the other
configuration directives or modules you are using.
I have experienced in the past some difficulties also with AAA and
imbricated directories/locations, because it is not always clear what
the sub-location "inherits", and what it doesn't, from its "parent"
location.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi Eric,
Could you please elaborate more on what you want me to test?
thanks
--- On Thu, 20/8/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Thursday, 20 August, 2009, 6:46 PM
> On Thu, Aug 20, 2009 at 11:38 AM,
> Eric Covener<co...@gmail.com>
> wrote:
> > On Thu, Aug 20, 2009 at 11:35 AM, Melanie
> > Pfefer<me...@yahoo.co.uk>
> wrote:
> >> Do you think this is caused Location directive
> used for a location and a sublocation?
>
> It ought to be fine, but i would suggest making a small
> change to the
> actual config (so the 2nd location isn't under the first)
> to let us
> know for sure if it's the operative part of the problem.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Aug 20, 2009 at 11:38 AM, Eric Covener<co...@gmail.com> wrote:
> On Thu, Aug 20, 2009 at 11:35 AM, Melanie
> Pfefer<me...@yahoo.co.uk> wrote:
>> Do you think this is caused Location directive used for a location and a sublocation?
It ought to be fine, but i would suggest making a small change to the
actual config (so the 2nd location isn't under the first) to let us
know for sure if it's the operative part of the problem.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Aug 20, 2009 at 11:35 AM, Melanie
Pfefer<me...@yahoo.co.uk> wrote:
> Do you think this is caused Location directive used for a location and a sublocation?
>
> I tested on a fresh apache. The <directory> directive works as expected (i.e. only user1, user2 and user3 can access bbb/) (But still I am prompted for password even if I do not access bbb/):
You still get prompted under aaa/ because "valid-user" means any user
who has authenticated is authorized -- it does not skip the
authentication phase.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Do you think this is caused Location directive used for a location and a sublocation?
I tested on a fresh apache. The <directory> directive works as expected (i.e. only user1, user2 and user3 can access bbb/) (But still I am prompted for password even if I do not access bbb/):
<Directory /usr/local/apache2/htdocs/aaa>
....
Require valid-user
....
</Directory>
<Directory /usr/local/apache2/htdocs/aaa/bbb>
....
Require user user1 user2
.....
</Directory>
thanks
--- On Thu, 20/8/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org, aw@ice-sa.com
> Date: Thursday, 20 August, 2009, 6:21 PM
> On Thu, Aug 20, 2009 at 10:55 AM,
> André Warnier<aw...@ice-sa.com>
> wrote:
> > Melanie Pfefer wrote:
> > ...
> >
> >> Require user user1
> >> Require user user2
> >
> > Melanie,
> > I believe you may be caught by the fact that the two
> lines above actually
> > express /two/ requirements, cumulatively, which cannot
> be both met at the
> > same time.
> >
> > Try this :
> > Require user user1 user2
>
> This should not result in a functional change.
> Multiple requires are
> OR'ed, even when on different Require ... lines or
> from different
> modules.
>
> > Require user user1
> > Require user user2
> > Satisfy any
>
> Satisfy only changes how access control and authorization
> interact,
> not how multiple authorization directives interact.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Send instant messages to your online friends http://uk.messenger.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Aug 20, 2009 at 10:55 AM, André Warnier<aw...@ice-sa.com> wrote:
> Melanie Pfefer wrote:
> ...
>
>> Require user user1
>> Require user user2
>
> Melanie,
> I believe you may be caught by the fact that the two lines above actually
> express /two/ requirements, cumulatively, which cannot be both met at the
> same time.
>
> Try this :
> Require user user1 user2
This should not result in a functional change. Multiple requires are
OR'ed, even when on different Require ... lines or from different
modules.
> Require user user1
> Require user user2
> Satisfy any
Satisfy only changes how access control and authorization interact,
not how multiple authorization directives interact.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Melanie Pfefer wrote:
...
> Require user user1
> Require user user2
Melanie,
I believe you may be caught by the fact that the two lines above
actually express /two/ requirements, cumulatively, which cannot be both
met at the same time.
Try this :
Require user user1 user2
OR
Require user user1
Require user user2
Satisfy any
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi,
<Location /svn/XYZ/ABC>
DAV svn
SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/
Options FollowSymLinks
AuthBasicProvider ldap
AuthLDAPUrl ldap://.....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
AuthLDAPBindDN .....
AuthLDAPBindPassword ......
AuthZLDAPAuthoritative off
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</Location>
<Location /svn/XYZ/ABC/123>
DAV svn
SVNParentPath /jupiter/svnlinks/svn/XYZ/ABC/123/
Options FollowSymLinks
AuthBasicProvider ldap
AuthLDAPUrl ldap://.....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require user user1
Require user user2
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
AuthLDAPBindDN ......
AuthLDAPBindPassword ....
AuthZLDAPAuthoritative off
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</Location>
[error] [client xxxxxx] access to /svn/XYZ/ABC/123/ failed, reason: user 'user1' does not meet 'require'ments for user/valid-user to be allowed access
I also tried to get rid of <LimitExcept GET PROPFIND OPTIONS REPORT>
AuthLDAPUrl ldap://.....
Require user user1
Require user user2
AuthType Basic
But I always got Forbiden
What is weird is that I got only one entry in the error log despite several trials.
--- On Thu, 20/8/09, Eric Covener <co...@gmail.com> wrote:
> From: Eric Covener <co...@gmail.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Thursday, 20 August, 2009, 4:20 PM
> On Thu, Aug 20, 2009 at 7:54 AM,
> Melanie
> Pfefer<me...@yahoo.co.uk>
> wrote:
> > let me rephrase my question
> >
> > I have
> >
> > <Location .../abc/>
> > Require valid-user
> > </Location>
> >
> > <location abc/xyz>
> > Require user user1 user2
> > ....
> > </Location>
>
>
> Post your verbatim configuration and your error log entry.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Send instant messages to your online friends http://uk.messenger.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Eric Covener <co...@gmail.com>.
On Thu, Aug 20, 2009 at 7:54 AM, Melanie
Pfefer<me...@yahoo.co.uk> wrote:
> let me rephrase my question
>
> I have
>
> <Location .../abc/>
> Require valid-user
> </Location>
>
> <location abc/xyz>
> Require user user1 user2
> ....
> </Location>
Post your verbatim configuration and your error log entry.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
let me rephrase my question
I have
<Location .../abc/>
Require valid-user
</Location>
<location abc/xyz>
Require user user1 user2
....
</Location>
Do you know why I am getting Forbidden when user1 logs in to access xyz?
--- On Thu, 20/8/09, Melanie Pfefer <me...@yahoo.co.uk> wrote:
> From: Melanie Pfefer <me...@yahoo.co.uk>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Thursday, 20 August, 2009, 9:26 AM
> Hi,
>
> Can you please help me out with this?
>
> To note also that the logs does not show anything now.
>
> thanks
>
> --- On Wed, 19/8/09, Melanie Pfefer <me...@yahoo.co.uk>
> wrote:
>
> > From: Melanie Pfefer <me...@yahoo.co.uk>
> > Subject: Re: [users@httpd] 'require' keyword
> > To: users@httpd.apache.org
> > Date: Wednesday, 19 August, 2009, 6:47 PM
> > Hi
> >
> > To note also that httpd.conf has these 2 directives:
> >
> > <Location /svn/ABC/XYZ>
> > DAV svn
> > SVNParentPath /jupiter/export/ABC/XYZ/
> > AuthBasicProvider ldap
> > AuthLDAPUrl ldap://....
> > <LimitExcept GET PROPFIND OPTIONS REPORT>
> > Require valid-user
> > </LimitExcept>
> > AuthType Basic
> > AuthName "Please enter your credentials"
> > .....
> > </Location>
> >
> > <Location /svn/ABC/XYZ/123>
> > DAV svn
> > SVNParentPath /jupiter/export/ABC/XYZ/123
> > AuthBasicProvider ldap
> > AuthLDAPUrl ldap://....
> > Require user XXX
> > Require user YYY
> > AuthType Basic
> > AuthName "Please enter your credentials"
> > .....
> > </Location>
> >
> >
> > Could it be because these 2 directives exist and cause
> a
> > conflict?
> > I tried to reverse them but with this setting no
> > authentication was required.
> >
> > thank you.
> >
> > --- On Wed, 19/8/09, Melanie Pfefer <me...@yahoo.co.uk>
> > wrote:
> >
> > > From: Melanie Pfefer <me...@yahoo.co.uk>
> > > Subject: Re: [users@httpd] 'require' keyword
> > > To: users@httpd.apache.org,
> > aw@ice-sa.com
> > > Date: Wednesday, 19 August, 2009, 3:50 PM
> > > any idea why I am getting this error
> > > (although xxx is in Require list):
> > >
> > > access to /svn/ABC/XYZ/ failed, reason: user
> 'xxx'
> > does not
> > > meet 'require'ments for user/valid-user to be
> allowed
> > > access
> > >
> > > thanks
> > >
> > > --- On Wed, 19/8/09, André Warnier <aw...@ice-sa.com>
> > > wrote:
> > >
> > > > From: André Warnier <aw...@ice-sa.com>
> > > > Subject: Re: [users@httpd] 'require'
> keyword
> > > > To: users@httpd.apache.org
> > > > Date: Wednesday, 19 August, 2009, 1:11 PM
> > > > Melanie Pfefer wrote:
> > > > > <LimitExcept GET PROPFIND OPTIONS
> > REPORT>
> > > > > Require valid-user <--- change
> here to
> > > > Require followed by the ldap username.
> Repeat
> > this for
> > > all
> > > > users
> > > >
> > > > The syntax is "Require user <userid>"
> where
> > the
> > > first
> > > > two words are "as is", and the
> <userid>
> > part
> > > stands
> > > > for the authenticated user's id.
> > > > Example :
> > > > Require user melhabanero
> > > >
> > > >
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of
> the
> > Apache
> > > HTTP
> > > > Server Project.
> > > > See <URL:http://httpd.apache.org/userslist.html> for more
> > > > info.
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the
> Apache
> > HTTP
> > > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more
> > > info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > " from the digest: users-digest-unsubscribe@httpd.apache..org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> >
> > Send instant messages to your online friends http://uk.messenger.yahoo.com
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache..org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi,
Can you please help me out with this?
To note also that the logs does not show anything now.
thanks
--- On Wed, 19/8/09, Melanie Pfefer <me...@yahoo.co.uk> wrote:
> From: Melanie Pfefer <me...@yahoo.co.uk>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Wednesday, 19 August, 2009, 6:47 PM
> Hi
>
> To note also that httpd.conf has these 2 directives:
>
> <Location /svn/ABC/XYZ>
> DAV svn
> SVNParentPath /jupiter/export/ABC/XYZ/
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://....
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user
> </LimitExcept>
> AuthType Basic
> AuthName "Please enter your credentials"
> .....
> </Location>
>
> <Location /svn/ABC/XYZ/123>
> DAV svn
> SVNParentPath /jupiter/export/ABC/XYZ/123
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://....
> Require user XXX
> Require user YYY
> AuthType Basic
> AuthName "Please enter your credentials"
> .....
> </Location>
>
>
> Could it be because these 2 directives exist and cause a
> conflict?
> I tried to reverse them but with this setting no
> authentication was required.
>
> thank you.
>
> --- On Wed, 19/8/09, Melanie Pfefer <me...@yahoo.co.uk>
> wrote:
>
> > From: Melanie Pfefer <me...@yahoo.co.uk>
> > Subject: Re: [users@httpd] 'require' keyword
> > To: users@httpd.apache.org,
> aw@ice-sa.com
> > Date: Wednesday, 19 August, 2009, 3:50 PM
> > any idea why I am getting this error
> > (although xxx is in Require list):
> >
> > access to /svn/ABC/XYZ/ failed, reason: user 'xxx'
> does not
> > meet 'require'ments for user/valid-user to be allowed
> > access
> >
> > thanks
> >
> > --- On Wed, 19/8/09, André Warnier <aw...@ice-sa.com>
> > wrote:
> >
> > > From: André Warnier <aw...@ice-sa.com>
> > > Subject: Re: [users@httpd] 'require' keyword
> > > To: users@httpd.apache.org
> > > Date: Wednesday, 19 August, 2009, 1:11 PM
> > > Melanie Pfefer wrote:
> > > > <LimitExcept GET PROPFIND OPTIONS
> REPORT>
> > > > Require valid-user <--- change here to
> > > Require followed by the ldap username. Repeat
> this for
> > all
> > > users
> > >
> > > The syntax is "Require user <userid>" where
> the
> > first
> > > two words are "as is", and the <userid>
> part
> > stands
> > > for the authenticated user's id.
> > > Example :
> > > Require user melhabanero
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > The official User-To-User support forum of the
> Apache
> > HTTP
> > > Server Project.
> > > See <URL:http://httpd.apache.org/userslist.html> for more
> > > info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> > >
> >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache..org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
Hi
To note also that httpd.conf has these 2 directives:
<Location /svn/ABC/XYZ>
DAV svn
SVNParentPath /jupiter/export/ABC/XYZ/
AuthBasicProvider ldap
AuthLDAPUrl ldap://....
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
AuthType Basic
AuthName "Please enter your credentials"
.....
</Location>
<Location /svn/ABC/XYZ/123>
DAV svn
SVNParentPath /jupiter/export/ABC/XYZ/123
AuthBasicProvider ldap
AuthLDAPUrl ldap://....
Require user XXX
Require user YYY
AuthType Basic
AuthName "Please enter your credentials"
.....
</Location>
Could it be because these 2 directives exist and cause a conflict?
I tried to reverse them but with this setting no authentication was required.
thank you.
--- On Wed, 19/8/09, Melanie Pfefer <me...@yahoo.co.uk> wrote:
> From: Melanie Pfefer <me...@yahoo.co.uk>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org, aw@ice-sa.com
> Date: Wednesday, 19 August, 2009, 3:50 PM
> any idea why I am getting this error
> (although xxx is in Require list):
>
> access to /svn/ABC/XYZ/ failed, reason: user 'xxx' does not
> meet 'require'ments for user/valid-user to be allowed
> access
>
> thanks
>
> --- On Wed, 19/8/09, André Warnier <aw...@ice-sa.com>
> wrote:
>
> > From: André Warnier <aw...@ice-sa.com>
> > Subject: Re: [users@httpd] 'require' keyword
> > To: users@httpd.apache.org
> > Date: Wednesday, 19 August, 2009, 1:11 PM
> > Melanie Pfefer wrote:
> > > <LimitExcept GET PROPFIND OPTIONS REPORT>
> > > Require valid-user <--- change here to
> > Require followed by the ldap username. Repeat this for
> all
> > users
> >
> > The syntax is "Require user <userid>" where the
> first
> > two words are "as is", and the <userid> part
> stands
> > for the authenticated user's id.
> > Example :
> > Require user melhabanero
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache
> HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more
> > info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache..org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Send instant messages to your online friends http://uk.messenger.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by Melanie Pfefer <me...@yahoo.co.uk>.
any idea why I am getting this error (although xxx is in Require list):
access to /svn/ABC/XYZ/ failed, reason: user 'xxx' does not meet 'require'ments for user/valid-user to be allowed access
thanks
--- On Wed, 19/8/09, André Warnier <aw...@ice-sa.com> wrote:
> From: André Warnier <aw...@ice-sa.com>
> Subject: Re: [users@httpd] 'require' keyword
> To: users@httpd.apache.org
> Date: Wednesday, 19 August, 2009, 1:11 PM
> Melanie Pfefer wrote:
> > <LimitExcept GET PROPFIND OPTIONS REPORT>
> > Require valid-user <--- change here to
> Require followed by the ldap username. Repeat this for all
> users
>
> The syntax is "Require user <userid>" where the first
> two words are "as is", and the <userid> part stands
> for the authenticated user's id.
> Example :
> Require user melhabanero
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more
> info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] 'require' keyword
Posted by André Warnier <aw...@ice-sa.com>.
Melanie Pfefer wrote:
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Require valid-user <--- change here to Require followed by the ldap username. Repeat this for all users
The syntax is "Require user <userid>" where the first two words are "as
is", and the <userid> part stands for the authenticated user's id.
Example :
Require user melhabanero
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org