Posted to users@httpd.apache.org by "Berger, John" <Jo...@us.fujitsu.com> on 2015/04/28 20:43:01 UTC

[users@httpd] Moving from 2.2 to 2.4

Hello,

We currently use Apache Httpd 2.2 and are migrating to 2.4 on new servers running on Windows. We currently do an LDAP bind on certain locations and prompt for username and password to allow LDAP users access. Our current config on 2.2 is as follows and works just the way we want:

<Location /tpg>
               AuthType basic
               AuthBasicProvider ldap
               AuthName "Partners"
               SetHandler none
               Order deny,allow
               Deny from all
               Allow from all
               AuthLDAPURL ldap://servernameXXX.fnc.fujitsu.com:389/o=ldapnameXXX.fnc.fujitsu.com
               AuthzLDAPAuthoritative off
               Require valid-user
</Location>

I tried this exact same code in the 2.4 config and it just keeps prompting for username and password over and over. In looking at the documentation I saw that in 2.4 the Order deny,allow was dropped unless you loaded mod_access_compat, which I have done. I have also tried the following:

<Location /tpg>
               AuthType basic
               AuthBasicProvider ldap
               AuthName "Partners"
               SetHandler none
               Require all denied
               Require all granted
               Require valid-user
               AuthLDAPURL ldap://servernameXXX.fnc.fujitsu.com:389/o=ldapnameXXX.fnc.fujitsu.com
               AuthLDAPBindAuthoritative off
</Location>

This lets anyone in no matter what. If I comment out the Require all granted, then it goes back to prompting over and over and does not let me in.

Please help me understand what I am doing incorrectly.

Thank You,

John

RE: [users@httpd] Moving from 2.2 to 2.4

Posted by "Berger, John" <Jo...@us.fujitsu.com>.
Okay, thanks. I appreciate your help very much.

John

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, April 28, 2015 3:04 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Moving from 2.2 to 2.4

On Tue, Apr 28, 2015 at 3:20 PM, Berger, John <Jo...@us.fujitsu.com> wrote:
> Seems to be working now. However, when I log in it seems to hold my credentials. I can close my browser and then go back to the URL and it does not prompt me. If I clear out my browser cache files and then go back to the URL it prompts me again. Seems to happen with both IE and Chrome. My co-worker does it and it prompts him every time.
>
> Any ideas? I am sure it is probably something on my machine, but I just want to make sure it is not something on the new web server.

I don't think it's anything server-side. You'd have to look at the request headers to be sure.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Moving from 2.2 to 2.4

Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 28, 2015 at 3:20 PM, Berger, John
<Jo...@us.fujitsu.com> wrote:
> Seems to be working now. However, when I log in it seems to hold my credentials. I can close my browser and then go back to the URL and it does not prompt me. If I clear out my browser cache files and then go back to the URL it prompts me again. Seems to happen with both IE and Chrome. My co-worker does it and it prompts him every time.
>
> Any ideas? I am sure it is probably something on my machine, but I just want to make sure it is not something on the new web server.

I don't think it's anything server-side. You'd have to look at the
request headers to be sure.



RE: [users@httpd] Moving from 2.2 to 2.4

Posted by "Berger, John" <Jo...@us.fujitsu.com>.
Eric,

Seems to be working now. However, when I log in it seems to hold my credentials. I can close my browser and then go back to the URL and it does not prompt me. If I clear out my browser cache files and then go back to the URL it prompts me again. Seems to happen with both IE and Chrome. My co-worker does it and it prompts him every time.

Any ideas? I am sure it is probably something on my machine, but I just want to make sure it is not something on the new web server.

John

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, April 28, 2015 1:56 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Moving from 2.2 to 2.4

On Tue, Apr 28, 2015 at 2:50 PM, Berger, John <Jo...@us.fujitsu.com> wrote:
> [Tue Apr 28 13:21:03.192195 2015] [ldap:error] [pid 1328:tid 740] (70023)This function has not been implemented on this platform: AH01277: LDAP: Unable to add rebind cross reference entry. Out of memory?


This is an unfortunate default.  Try LDAPReferrals OFF wherever you have AuthLDAPURL.


--
Eric Covener
covener@gmail.com


Re: [users@httpd] Moving from 2.2 to 2.4

Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 28, 2015 at 2:50 PM, Berger, John
<Jo...@us.fujitsu.com> wrote:
> [Tue Apr 28 13:21:03.192195 2015] [ldap:error] [pid 1328:tid 740] (70023)This function has not been implemented on this platform: AH01277: LDAP: Unable to add rebind cross reference entry. Out of memory?


This is an unfortunate default.  Try LDAPReferrals OFF wherever you
have AuthLDAPURL.


-- 
Eric Covener
covener@gmail.com



RE: [users@httpd] Moving from 2.2 to 2.4

Posted by "Berger, John" <Jo...@us.fujitsu.com>.
In the access log it shows:

168.127.191.33 - jberger1 [28/Apr/2015:13:21:03 -0500] "GET /tpg/tibs/150/g0118.pdf HTTP/1.1" 401 381

In the error log it shows:

[Tue Apr 28 13:21:03.192195 2015] [ldap:error] [pid 1328:tid 740] (70023)This function has not been implemented on this platform: AH01277: LDAP: Unable to add rebind cross reference entry. Out of memory?
[Tue Apr 28 13:21:03.192195 2015] [auth_basic:error] [pid 1328:tid 740] [client 168.127.191.33:60948] AH01618: user jberger1 not found: /tpg/tibs/150/g0118.pdf

I know jberger1 is valid because I can access it via the 2.2 server.

John

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, April 28, 2015 1:47 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Moving from 2.2 to 2.4

On Tue, Apr 28, 2015 at 2:43 PM, Berger, John <Jo...@us.fujitsu.com> wrote:
>                Require all denied
>
>                Require all granted
>
>                Require valid-user


Just the valid-user of these three.  What does your error_log say?

--
Eric Covener
covener@gmail.com



Re: [users@httpd] Moving from 2.2 to 2.4

Posted by Eric Covener <co...@gmail.com>.
On Tue, Apr 28, 2015 at 2:43 PM, Berger, John
<Jo...@us.fujitsu.com> wrote:
>                Require all denied
>
>                Require all granted
>
>                Require valid-user


Just the valid-user of these three.  What does your error_log say?

-- 
Eric Covener
covener@gmail.com
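
A check for the pitfalls this thread ran into, added here as an example (not code from the posters or from the httpd project): it scans flat <Location>/<Directory> sections for leftover 2.2 access directives, a "Require all granted" sitting beside other bare Require lines (which 2.4 ORs together), and AuthLDAPURL without the "LDAPReferrals off" suggested above. The function names and the sample host name are assumptions, and nested containers such as <RequireAll> are not interpreted.

```python
import re

# Constructed sample: the 2.4 attempt from the original post (host name is a placeholder).
SAMPLE = """\
<Location /tpg>
    AuthType basic
    AuthBasicProvider ldap
    AuthName "Partners"
    Require all denied
    Require all granted
    Require valid-user
    AuthLDAPURL ldap://ldap.example.invalid:389/o=example
    AuthLDAPBindAuthoritative off
</Location>
"""

LEGACY = {"order", "deny", "allow", "satisfy"}   # 2.2 access control, needs mod_access_compat
REMOVED = {"authzldapauthoritative"}             # no longer available in 2.4

def lint(conf):
    """Return (section, message) findings for each <Location>/<Directory> block."""
    findings, section, seen = [], None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<(Location|Directory)\w*\s+([^>]+)>", line, re.I)
        if opened:
            section, seen = opened.group(2), []
        elif re.match(r"</(Location|Directory)", line, re.I) and section:
            findings += [(section, m) for m in check(seen)]
            section = None
        elif section:
            words = line.lower().split()
            seen.append((words[0], " ".join(words[1:])))
    return findings

def check(seen):
    names = {n for n, _ in seen}
    requires = [a for n, a in seen if n == "require"]
    out = [f"legacy 2.2 directive: {n}" for n in sorted(names & LEGACY)]
    out += [f"directive removed in 2.4: {n}" for n in sorted(names & REMOVED)]
    # Bare Require lines are OR-ed (implicit RequireAny), so one 'all granted' opens the section.
    if "all granted" in requires and len(requires) > 1:
        out.append("'Require all granted' overrides the other Require lines")
    if "authldapurl" in names and ("ldapreferrals", "off") not in seen:
        out.append("AuthLDAPURL without 'LDAPReferrals off'")
    return out
```

Running lint() on the sample reports the open-access Require combination and the missing LDAPReferrals setting; a section with only "Require valid-user" plus "LDAPReferrals off" comes back clean.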
