Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/12 15:56:23 UTC

DO NOT REPLY [Bug 34897] New: - cannot mix LDAP and local users....

http://issues.apache.org/bugzilla/show_bug.cgi?id=34897

           Summary: cannot mix LDAP and local users....
           Product: Apache httpd-2.0
           Version: 2.0.53
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_auth_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: anthony.atkins@vt.edu


Okay, I have tested this repeatedly with Apache 2.0.53 on Debian.  We commonly
mix LDAP authenticated users with a handful of local accounts.

I'm setting up authentication for a directory in my httpd.conf.

I start with a working configuration that allows LDAP users to access a
directory secured using Basic Auth.

If I add an AuthUserFile directive to the same <Directory> block, LDAP
authentication won't work at all for that directory, only local users will work.
The same settings work again for LDAP users as soon as you remove or comment
out the AuthUserFile directive.  This happens regardless of whether
AuthLDAPAuthoritative is set to "off" or "on".

My understanding is that with AuthLDAPAuthoritative set to "off", the system
should check LDAP first, then fail over to the local user settings.

Here's an example <Directory> block:

  <Directory "/apps/content/fdi.cc.vt.edu/web_root/authtest">
     Options FollowSymLinks Indexes
     AllowOverride None

     AuthType Basic
     AuthUserFile /home/www/fdi.cc.vt.edu/conf/.htpasswd

     AuthName "Please enter your PID and password to access secure content"

     AuthLDAPEnabled on
     AuthLDAPAuthoritative off
     AuthLDAPURL "ldaps://authn.directory.vt.edu:636/ou=accounts,dc=vt,dc=edu?uupid"

     require user tblake local
  </Directory>

In this example, the LDAP user is "tblake", and the local user is "local".

I tried turning LogLevel to "debug"; the only thing I saw in the error log was:

"user tblake not found: /authtest/"

Which to me sounds like it's not even trying to hit the LDAP server if
AuthUserFile is set.  I looked at the patch list for 2.0.54; it didn't sound
like this was addressed in that release.

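Added example, not part of the original report or of Apache httpd: a small configuration audit that flags <Directory> blocks combining AuthUserFile with AuthLDAPEnabled, as in the block above. It assumes that mod_auth's AuthAuthoritative directive (default On in Apache 2.0) is what decides whether a user missing from the password file is passed on to another module; the second sample block and its path are constructed.

```python
import re

# Constructed sample: the reporter's block (trimmed) plus a hypothetical
# second block that explicitly sets mod_auth's AuthAuthoritative to off.
SAMPLE_CONF = '''
<Directory "/apps/content/fdi.cc.vt.edu/web_root/authtest">
   AuthType Basic
   AuthUserFile /home/www/fdi.cc.vt.edu/conf/.htpasswd
   AuthLDAPEnabled on
   AuthLDAPAuthoritative off
   require user tblake local
</Directory>
<Directory "/srv/example/mixed-ok">
   AuthType Basic
   AuthUserFile /srv/example/conf/.htpasswd
   AuthAuthoritative off
   AuthLDAPEnabled on
   require valid-user
</Directory>
'''

BLOCK_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def parse_blocks(conf):
    """Return {path: {lowercased directive: argument string}} per <Directory>."""
    blocks = {}
    for path, body in BLOCK_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # skip blank lines and comments
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        blocks[path] = directives
    return blocks

def mixed_auth_findings(conf):
    """Paths that use file and LDAP auth together while the file module is
    still authoritative (AuthAuthoritative unset, i.e. default on, or 'on')."""
    findings = []
    for path, d in parse_blocks(conf).items():
        uses_file = "authuserfile" in d
        uses_ldap = d.get("authldapenabled", "").lower() == "on"
        file_authoritative = d.get("authauthoritative", "on").lower() != "off"
        if uses_file and uses_ldap and file_authoritative:
            findings.append(path)
    return findings
```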