Mailing List Archive: Apache: Users

Having problems getting mod_authnz_ldap to work right

Index | Next | Previous | View Threaded

rtanner at linfield

Sep 10, 2007, 8:27 PM

Post #1 of 2 (185 views)
Permalink

Having problems getting mod_authnz_ldap to work right

Hi,

I upgraded from Apace 2.0.53 to 2.2.4 and from mod_auth_ldap to
mod_authnz_ldap and that's where my troubles began. I have one
protected directory that anyone with an LDAP entry should be able to
access, but something is failing in the process and Apache is not
providing in helpful logs (when I deliberately mistype my password I get
an error in the error_log but other times no log)

Here's the configuration on the old server that does work:
<Directory /var/apache/html/support/protected>
SSLRequireSSL
AuthLDAPUrl ldap://biblio.linfield.edu:389/o=linfield.edu?uid
AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
AuthLDAPBindPassword "secret"
AuthName "Protected"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Options Indexes FollowSymLinks
AllowOverride None
</Directory>

Here's my attempted mod_authnz_ldap configuration:
<Directory /var/apache/html/support/protected>
SSLRequireSSL
AuthBasicProvider ldap
AuthLDAPURL ldap://biblio.linfield.edu:389/o=linfield.edu?uid
AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
AuthLDAPBindPassword "secret"
AuthName "Protected"
AuthType Basic
<Limit GET>
Require valid-user
</Limit>
Options Indexes FollowSymLinks
AllowOverride None
</Directory>

Can someone please tell me what's missing?

Thanks,
Rob

--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

covener at gmail

Sep 12, 2007, 5:46 AM

Post #2 of 2 (147 views)
Permalink

Re: Having problems getting mod_authnz_ldap to work right [In reply to]

On 9/10/07, Rob Tanner <rtanner [at] linfield> wrote:
> Hi,
>
> I upgraded from Apace 2.0.53 to 2.2.4 and from mod_auth_ldap to
> mod_authnz_ldap and that's where my troubles began. I have one
> protected directory that anyone with an LDAP entry should be able to
> access, but something is failing in the process and Apache is not
> providing in helpful logs (when I deliberately mistype my password I get
> an error in the error_log but other times no log)

> Here's my attempted mod_authnz_ldap configuration:
> <Directory /var/apache/html/support/protected>
> SSLRequireSSL
> AuthBasicProvider ldap
> AuthLDAPURL ldap://biblio.linfield.edu:389/o=linfield.edu?uid
> AuthLDAPBindDN "cn=secret, ou=Special Users, o=linfield.edu"
> AuthLDAPBindPassword "secret"
> AuthName "Protected"
> AuthType Basic
> <Limit GET>
> Require valid-user
> </Limit>
> Options Indexes FollowSymLinks
> AllowOverride None
> </Directory>
>

In 2.2.4 you might need to set 'AuthZLDAPAuthoritative off' to use
require valid-user.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43281

(but you should have seen some kind of errorlog entry for this failure)

--
Eric Covener
covener [at] gmail

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads