Posted to users@httpd.apache.org by William Paredes <bi...@einstein.yu.edu> on 2013/08/15 19:09:36 UTC
[users@httpd] Apache 2.4 fails to call LDAP auth modules
Greetings!
It's been a few days that I'm struggling with this one:
I don't get the authentication dialog window prompting for a user name & password when I enter an LDAP protected realm:
<Directory /Library/Webserver/Documents/ldapProtected>
AuthType Basic
AuthBasicProvider ldap
AuthName "Testing LDAP"
AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
AuthLDAPBindPassword "pwrd"
AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
Require ldap-user jones
</Directory>
However, I do get the authentication dialog with a user file:
<Directory "/Library/WebServer/Documents/fileProtected">
AuthType Basic
AuthName "New Test Auth Required"
AuthUserFile "/etc/htpasswd/.htpasswd"
Require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
When I navigate to the LDAP protected directory I get into the directory without the authentication dialog.
When I navigate to the file protected directory I'm challenged with the authentication window.
I built the following with the usual ./configure, make, sudo make install [no errors]:
[apr 1.4.8] ./configure --prefix=/usr/local/apr
[apr-util 1.5.2] ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-mysql=/usr/local/mysql --with-ldap-lib=/usr/local/openldap/lib --with-ldap-include=/usr/local/openldap/include/
[apache 2.4.6] ./configure --enable-layout=MacMini --enable-modules=most --with-ssl=/usr --with-mpm-prefork --enable-ssl --enable-so --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-authnz-ldap --enable-ldap --with-ldap
I've set the apache LogLevel to debug and LDAPLibraryDebug to 7 but they have not revealed anything useful other than the following when I access the LDAP realms without being challenged:
mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of Require all granted: granted
[Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of <RequireAny>: granted
So how would I begin to troubleshoot this puzzle?
[OS X 10.8.4; 2.7GHz Intel Core i7; 16GB; mac mini desktop]
Thanks,
-bill
Re: [users@httpd] Apache 2.4 fails to call LDAP auth modules
Posted by Igor Cicimov <ic...@gmail.com>.
On 16/08/2013 3:10 AM, "William Paredes" <bi...@einstein.yu.edu>
wrote:
>
> Greetings!
> It's been a few days that I'm struggling with this one:
>
> I don't get the authentication dialog window prompting for a user name & password when I enter an LDAP protected realm:
>
> <Directory /Library/Webserver/Documents/ldapProtected>
> AuthType Basic
> AuthBasicProvider ldap
> AuthName "Testing LDAP"
> AuthLDAPBindDN "CN=cn_name,OU=ou_account,DC=ad,DC=uds,DC=yu,DC=edu"
> AuthLDAPBindPassword "pwrd"
> AuthLDAPURL "ldap://ldap.address:389/DC=ad,DC=uds,DC=yu,DC=edu"
> Require ldap-user jones
> </Directory>
>
> However, I do get the authentication dialog with a user file:
>
> <Directory "/Library/WebServer/Documents/fileProtected">
> AuthType Basic
> AuthName "New Test Auth Required"
> AuthUserFile "/etc/htpasswd/.htpasswd"
> Require valid-user
> Options Indexes FollowSymLinks MultiViews
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> </Directory>
>
> When I navigate to the LDAP protected directory I get into the directory without the authentication dialog.
> When I navigate to the file protected directory I'm challenged with the authentication window.
>
> I built the following with the usual ./configure, make, sudo make install [no errors]:
>
> [apr 1.4.8] ./configure --prefix=/usr/local/apr
>
> [apr-util 1.5.2] ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-mysql=/usr/local/mysql --with-ldap-lib=/usr/local/openldap/lib --with-ldap-include=/usr/local/openldap/include/
>
> [apache 2.4.6] ./configure --enable-layout=MacMini --enable-modules=most --with-ssl=/usr --with-mpm-prefork --enable-ssl --enable-so --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-authnz-ldap --enable-ldap --with-ldap
>
> I've set the apache LogLevel to debug and LDAPLibraryDebug to 7 but they have not revealed anything useful other than the following when I access the LDAP realms without being challenged:
>
> mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of Require all granted: granted
>
> [Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of <RequireAny>: granted
>
>
> So how would I begin to troubleshoot this puzzle?
> [OS X 10.8.4; 2.7GHz Intel Core i7; 16GB; mac mini desktop]
>
Start by confirming your ldap account is working outside apache using
ldapsearch or ldapbind, let's say. Have you done that? Have you confirmed the
ldap connection works at all?
> Thanks,
> -bill
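
An added example, not part of the thread: a small Python check that reads the AH01626 debug lines mod_authz_core writes and flags clients that were granted access by `Require all granted` without any LDAP `Require` ever being evaluated. The function names, the `Require ldap-` prefix test and the third log line (with its 192.0.2.10 client) are constructed for illustration; the first two lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# First two lines: as quoted in the thread. Third line: constructed, showing
# what an LDAP-protected request logs before credentials have been sent.
SAMPLE_LOG = """\
mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of Require all granted: granted
[Tue Aug 13 18:22:55.544690 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 129.98.101.122:51668] AH01626: authorization result of <RequireAny>: granted
[Tue Aug 13 18:25:10.000001 2013] [authz_core:debug] [pid 60859:tid 4447301632] mod_authz_core.c(802): [client 192.0.2.10:40000] AH01626: authorization result of Require ldap-user jones: denied (no authenticated user yet)
"""

# Matches the AH01626 message with or without the timestamp/module prefix.
AH01626 = re.compile(
    r"\[client (?P<client>[^\]]+)\] AH01626: authorization result of "
    r"(?P<directive>.+?)\s*: (?P<result>granted|denied|neutral)"
    r"(?: \((?P<detail>[^)]*)\))?\s*$"
)

def summarize(log_text):
    """Return {client: [(directive, result, detail), ...]} for AH01626 lines."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        m = AH01626.search(line)
        if m:
            by_client[m["client"]].append(
                (m["directive"], m["result"], m["detail"]))
    return dict(by_client)

def unauthenticated_grants(log_text, expected_prefix="Require ldap-"):
    """Clients granted by 'Require all granted' with no expected Require seen."""
    flagged = []
    for client, events in summarize(log_text).items():
        saw_expected = any(d.startswith(expected_prefix) for d, _, _ in events)
        open_grant = any(d == "Require all granted" and r == "granted"
                         for d, r, _ in events)
        if open_grant and not saw_expected:
            flagged.append(client)
    return flagged

if __name__ == "__main__":
    for client, events in summarize(SAMPLE_LOG).items():
        print(client, events)
    print("granted without LDAP Require:", unauthenticated_grants(SAMPLE_LOG))
```

For the client in the thread only `Require all granted` appears, so the `Require ldap-user jones` block was not the authorization section in effect for that request. One thing visible on the page is that its `<Directory>` path is spelled `/Library/Webserver/...` while the working block uses `/Library/WebServer/...`.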