Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/12 15:56:23 UTC
DO NOT REPLY [Bug 34897] New: - cannot mix LDAP and local users....
http://issues.apache.org/bugzilla/show_bug.cgi?id=34897
Summary: cannot mix LDAP and local users....
Product: Apache httpd-2.0
Version: 2.0.53
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: mod_auth_ldap
AssignedTo: bugs@httpd.apache.org
ReportedBy: anthony.atkins@vt.edu
Okay, I have tested this repeatedly with Apache 2.0.53 on Debian. We commonly
mix LDAP authenticated users with a handful of local accounts.
I'm setting up authentication for a directory in my httpd.conf.
I start with a working configuration that allows LDAP users to access a
directory secured using Basic Auth.
If I add an AuthUserFile directive to the same <Directory> block, LDAP
authentication won't work at all for that directory, only local users will work.
The same settings work again for LDAP users as soon as you remove or comment
out the AuthUserFile directive. This happens regardless of whether
AuthLDAPAuthoritative is set to "off" or "on".
My understanding is that with AuthLDAPAuthoritative set to "off", the system
should check LDAP first, then fail over to the local user settings.
Here's an example <Directory> block:
<Directory "/apps/content/fdi.cc.vt.edu/web_root/authtest">
    Options FollowSymLinks Indexes
    AllowOverride None
    AuthType Basic
    AuthUserFile /home/www/fdi.cc.vt.edu/conf/.htpasswd
    AuthName "Please enter your PID and password to access secure content"
    AuthLDAPEnabled on
    AuthLDAPAuthoritative off
    AuthLDAPURL "ldaps://authn.directory.vt.edu:636/ou=accounts,dc=vt,dc=edu?uupid"
    require user tblake local
</Directory>
In this example, the LDAP user is "tblake", and the local user is "local".
I tried turning LogLevel to "debug"; the only thing I saw in the error log was:
"user tblake not found: /authtest/"
Which to me sounds like it's not even trying to hit the LDAP server if
AuthUserFile is set. I looked at the patch list for 2.0.54, and it didn't sound
like this was addressed in that release.