You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by "Mark S. Heiges" <mh...@uga.edu> on 2007/01/04 19:55:31 UTC
disabling an inherited authentication configuration
I have a dozen-ish virtual hosts that "Include" a common
configuration file which, among other things, specifies
authentication for the sites:
<Location / >
AuthName "File Auth"
AuthType Basic
AuthUserFile /etc/httpd/conf/passwords
AuthAuthoritative off
Require user joe
</Location>
In one of the virtual hosts I want to override the inherited
authentication mechanism to use mod_auth_ldap (httpd 2.0.52):
<Location / >
AuthLDAPAuthoritative On
AuthLDAPEnabled On
AuthType Basic
AuthName "Ldap Auth"
AuthLDAPBindDN "uid=mod_auth_ldap,ou=Special
Users,dc=example,dc=com"
AuthLDAPBindPassword elngt0nc0at0r
AuthLDAPURL "ldaps://ds1.example.org:636/
ou=people,dc=example,dc=org?uid?sub"
Require group cn=Webusers,ou=Groups,dc=example,dc=org
</Location>
However, I am unable to undefine the AuthUserFile in the
reconfiguration. Apache continues with the file-based password
comparison. The mod_auth_ldap works fine if I don't pre-declare the
AuthUserFile. I have similar problems if I try to change the
authentication method on a subdirectory (eg. <Location /mydir> )
Is there a way to disable an inherited authentication module once its
been declared?
From my reading of the mod_auth doc I'm understanding there is not:
"So if a userID appears in the database of more than one module; or
if a valid Require directive applies to more than one module; then
the first module will verify the credentials; and no access is passed
on; regardless of the AuthAuthoritative setting."
Re: disabling an inherited authentication configuration
Posted by Jonathan Vanasco <mo...@2xlp.com>.
On Jan 4, 2007, at 1:55 PM, Mark S. Heiges wrote:
> I have a dozen-ish virtual hosts that "Include" a common
> configuration file which, among other things, specifies
> authentication for the sites:
your best off asking your question again on a mod_auth_ldap or
general Apache httpd list -- this one is for mod_perl
// Jonathan Vanasco
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - -