Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

LDAP Authentication

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


sesock at okstate

Jan 21, 2003, 8:08 AM

Post #1 of 9 (168 views)
Permalink
LDAP Authentication
Greetings all:

I hate to bother everyone here, with what will probably end up being a
trivial and minor issue, but I must admit, I am at my wit's end.

After spending the last several days attempting to get mod_auth_ldap to
work with a badly managed NDS LDAP server, I finally found a work around,
in that we also have an LDAP server with 1 level, for purposes similar to
what I'm doing (We call it the workforce tree).

Unfortunately, I can't get to the authentication page anymore. I keep
receiving Server 500 errors. My error.log file looks like this:

/webaim/* is what I'm attempting to protect.

[Fri Jan 17 14:38:25 2003] [notice] Child 2468: All worker threads have
exited.
[Fri Jan 17 14:38:25 2003] [notice] Child 2468: Child process is exiting
[Fri Jan 17 14:38:26 2003] [crit] [client 139.78.31.20] configuration
error: couldn't check user. No user file?: /webaim/index.htm, referer: http://webaim2.su.okstate.edu/

After corresponding with Muquit, of mod_auth_ldap fame, he determined that
any further problems were simply misconfigurations elsewhere, unrelated to
the mod. I'm still not sure, and am unable to find any archives that
express a similar issue.

Thank you for your assistance.

Kevin A. Sesock, A+, NET+, CNA
Deskside Computer Support Specialist
Student Disability Services
SLA Program
Computing Information Services
Oklahoma State University

"This is the theory that Jack built. This is the flaw that lay in the
theory that Jack built. This is the palpable verbal haze that hid the flaw
that lay in..." -Anon.


john at sterls

Jan 21, 2003, 8:18 AM

Post #2 of 9 (159 views)
Permalink
RE: LDAP Authentication [In reply to]
>-- Original Message --
>From: "Kevin A Sesock/cis/evp/Okstate" <sesock[at]okstate.edu>
>Subject: [users[at]httpd] LDAP Authentication

...snip...

>[Fri Jan 17 14:38:26 2003] [crit] [client 139.78.31.20] configuration
>error: couldn't check user. No user file?: /webaim/index.htm, referer:
>http://webaim2.su.okstate.edu/

This is because you have mod_auth enabled. Either disable it from your
build, or turn AuthAuthoritative Off so it will pass on the opportunity
to authenticate to other modules.

I tend to prefer not compiling in or loading auth handlers that I am not
using.

sterling


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


sesock at okstate

Jan 21, 2003, 9:18 AM

Post #3 of 9 (159 views)
Permalink
RE: LDAP Authentication [In reply to]
Oops. I knew that I'd miss something simple.

Got that one taken care of, but still receiving the same crit in the error
log, and a Errror:500 viewing the page. Double checked my httpd.conf file,
but didn't find anything strange offhand.

Kevin A. Sesock, A+, NET+, CNA
Deskside Computer Support Specialist
Student Disability Services
SLA Program
Computing Information Services
Oklahoma State University

"This is the theory that Jack built. This is the flaw that lay in the
theory that Jack built. This is the palpable verbal haze that hid the flaw
that lay in..." -Anon.




"John K. Sterling" <john[at]sterls.com>
01/21/2003 09:18 AM
Please respond to users


To: users[at]httpd.apache.org
cc: (bcc: Kevin A Sesock/cis/evp/Okstate)
Subject: RE: [users[at]httpd] LDAP Authentication


>-- Original Message --
>From: "Kevin A Sesock/cis/evp/Okstate" <sesock[at]okstate.edu>
>Subject: [users[at]httpd] LDAP Authentication

...snip...

>[Fri Jan 17 14:38:26 2003] [crit] [client 139.78.31.20] configuration
>error: couldn't check user. No user file?: /webaim/index.htm, referer:
>http://webaim2.su.okstate.edu/

This is because you have mod_auth enabled. Either disable it from your
build, or turn AuthAuthoritative Off so it will pass on the opportunity
to authenticate to other modules.

I tend to prefer not compiling in or loading auth handlers that I am not
using.

sterling


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


linusali at gmail

Apr 23, 2008, 12:54 AM

Post #4 of 9 (157 views)
Permalink
Re: ldap authentication [In reply to]
Why don't you do this in Application side, Where you can have better
control over what you do.

Cheers
Salih

On Wed, Apr 23, 2008 at 9:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
> When a user authenticates using LDAP user/paswd to execute a script placed
> at server, then how can the script determine which user have executed it
> (after authentication). By this we can keep track of users making changes in
> database otherwise any user can make changes anywhere and it will be in a
> bad condition. I think some environment variables (UID) can help in this,
> but don't know exactly how. please help.
>
> Thanks & Regards
> Syed
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


smmehadi at gmail

Apr 23, 2008, 1:40 AM

Post #5 of 9 (157 views)
Permalink
Re: ldap authentication [In reply to]
ok if i have to do it on application side, then how can i determine which
user have authenticated.
regards
syed

On Wed, Apr 23, 2008 at 1:24 PM, Mohammed Salih <linusali[at]gmail.com> wrote:

> Why don't you do this in Application side, Where you can have better
> control over what you do.
>
> Cheers
> Salih
>
> On Wed, Apr 23, 2008 at 9:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
> > When a user authenticates using LDAP user/paswd to execute a script
> placed
> > at server, then how can the script determine which user have executed it
> > (after authentication). By this we can keep track of users making
> changes in
> > database otherwise any user can make changes anywhere and it will be in
> a
> > bad condition. I think some environment variables (UID) can help in
> this,
> > but don't know exactly how. please help.
> >
> > Thanks & Regards
> > Syed
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
> " from the digest: users-digest-unsubscribe[at]httpd.apache.org
> For additional commands, e-mail: users-help[at]httpd.apache.org
>
>


krist.vanbesien at gmail

Apr 23, 2008, 4:45 AM

Post #6 of 9 (153 views)
Permalink
Re: ldap authentication [In reply to]
On Wed, Apr 23, 2008 at 7:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
> When a user authenticates using LDAP user/paswd to execute a script placed
> at server, then how can the script determine which user have executed it
> (after authentication). By this we can keep track of users making changes in
> database otherwise any user can make changes anywhere and it will be in a
> bad condition. I think some environment variables (UID) can help in this,
> but don't know exactly how. please help.

The script gets passed a whole list of environment variables. On of
these variables is REMOTE_USER which will be set to whichever username
the user authenticated with.

Krist

--
krist.vanbesien[at]gmail.com
krist[at]vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


daniel at bestningning

Apr 23, 2008, 7:29 AM

Post #7 of 9 (152 views)
Permalink
Re: ldap authentication [In reply to]
----- Original Message -----
From: "Krist van Besien" <krist.vanbesien[at]gmail.com>
To: <users[at]httpd.apache.org>
Sent: Wednesday, April 23, 2008 7:45 AM
Subject: Re: [users[at]httpd] ldap authentication


> On Wed, Apr 23, 2008 at 7:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
>> When a user authenticates using LDAP user/paswd to execute a script
>> placed
>> at server, then how can the script determine which user have executed it
>> (after authentication). By this we can keep track of users making changes
>> in
>> database otherwise any user can make changes anywhere and it will be in a
>> bad condition. I think some environment variables (UID) can help in this,
>> but don't know exactly how. please help.
>
> The script gets passed a whole list of environment variables. On of
> these variables is REMOTE_USER which will be set to whichever username
> the user authenticated with.
>
REMOTE_USER doesnt always work in some of our PHP applications. I have to
use $_SERVER['PHP_AUTH_USER'] instead.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org


smmehadi at gmail

May 9, 2008, 1:01 AM

Post #8 of 9 (113 views)
Permalink
Re: ldap authentication [In reply to]
i tried to access user name (who have authenticated via LDAP) using the
variable REMOTE_USER in python like:
print REMOTE_USER
but it gave an exception

Thanks & Regards
syed

On Wed, Apr 23, 2008 at 5:15 PM, Krist van Besien <krist.vanbesien[at]gmail.com>
wrote:

> On Wed, Apr 23, 2008 at 7:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
> > When a user authenticates using LDAP user/paswd to execute a script
> placed
> > at server, then how can the script determine which user have executed it
> > (after authentication). By this we can keep track of users making changes
> in
> > database otherwise any user can make changes anywhere and it will be in a
> > bad condition. I think some environment variables (UID) can help in this,
> > but don't know exactly how. please help.
>
> The script gets passed a whole list of environment variables. On of
> these variables is REMOTE_USER which will be set to whichever username
> the user authenticated with.
>
> Krist
>
> --
> krist.vanbesien[at]gmail.com
> krist[at]vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
> " from the digest: users-digest-unsubscribe[at]httpd.apache.org
> For additional commands, e-mail: users-help[at]httpd.apache.org
>
>


smmehadi at gmail

May 9, 2008, 2:12 AM

Post #9 of 9 (110 views)
Permalink
Re: ldap authentication [In reply to]
Hi Krist,
i tried to access user name (who have authenticated via LDAP) using the
variable REMOTE_USER in python like:

if request.environ.has_key('REMOTE_USER'):
name = request.environ['REMOTE_USER']
print name

but it gave an exception, any clue by any other user also?

Thanks & Regards

On Wed, Apr 23, 2008 at 5:15 PM, Krist van Besien <krist.vanbesien[at]gmail.com>
wrote:

> On Wed, Apr 23, 2008 at 7:00 AM, syed mehdi <smmehadi[at]gmail.com> wrote:
> > When a user authenticates using LDAP user/paswd to execute a script
> placed
> > at server, then how can the script determine which user have executed it
> > (after authentication). By this we can keep track of users making changes
> in
> > database otherwise any user can make changes anywhere and it will be in a
> > bad condition. I think some environment variables (UID) can help in this,
> > but don't know exactly how. please help.
>
> The script gets passed a whole list of environment variables. On of
> these variables is REMOTE_USER which will be set to whichever username
> the user authenticated with.
>
> Krist
>
> --
> krist.vanbesien[at]gmail.com
> krist[at]vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
> " from the digest: users-digest-unsubscribe[at]httpd.apache.org
> For additional commands, e-mail: users-help[at]httpd.apache.org
>
>

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.