You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by "Mark S. Heiges" <mh...@uga.edu> on 2007/01/04 19:55:31 UTC

disabling an inherited authentication configuration



I have a dozen-ish virtual hosts that "Include" a common  
configuration file which, among other things, specifies  
authentication for the sites:

<Location / >
     AuthName "File Auth"
     AuthType Basic
     AuthUserFile  /etc/httpd/conf/passwords
     AuthAuthoritative off
     Require user joe
</Location>


In one of the virtual hosts I want to override the inherited  
authentication mechanism to use mod_auth_ldap (httpd 2.0.52):

<Location / >
        AuthLDAPAuthoritative On
        AuthLDAPEnabled On
        AuthType Basic
        AuthName "Ldap Auth"
        AuthLDAPBindDN "uid=mod_auth_ldap,ou=Special  
Users,dc=example,dc=com"
        AuthLDAPBindPassword elngt0nc0at0r
        AuthLDAPURL "ldaps://ds1.example.org:636/ 
ou=people,dc=example,dc=org?uid?sub"
        Require group cn=Webusers,ou=Groups,dc=example,dc=org
</Location>


However, I am unable to undefine the AuthUserFile in the  
reconfiguration. Apache continues with the file-based password  
comparison. The mod_auth_ldap works fine if I don't pre-declare the  
AuthUserFile. I have similar problems if I try to change the  
authentication method on a subdirectory (eg.  <Location /mydir> )

Is there a way to disable an inherited authentication module once its  
been declared?

 From my reading of the mod_auth doc I'm understanding there is not:
"So if a userID appears in the database of more than one module; or  
if a valid Require directive applies to more than one module; then  
the first module will verify the credentials; and no access is passed  
on; regardless of the AuthAuthoritative setting."

Re: disabling an inherited authentication configuration

Posted by Jonathan Vanasco <mo...@2xlp.com>.

On Jan 4, 2007, at 1:55 PM, Mark S. Heiges wrote:

> I have a dozen-ish virtual hosts that "Include" a common  
> configuration file which, among other things, specifies  
> authentication for the sites:

your best off asking your question again on a mod_auth_ldap or  
general Apache httpd list -- this one is for mod_perl

// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -