httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42627] New: - Unable to authenticate using authz-ldap require group
Date Mon, 11 Jun 2007 00:11:48 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42627>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42627

           Summary: Unable to authenticate using authz-ldap require group
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: bugzilla.apache@jamie-thompson.co.uk


Similar sounding to bug http://issues.apache.org/bugzilla/show_bug.cgi?id=40926,
I cannot authenticate using membership in a group. This used to work when I
first set it up (using some version of Apache 2.0.x), but now it does not.

My Group object looks like this:
cn=Post News,ou=Service Authentication,ou=Groups,dc=jamie-thompson,dc=co,dc=uk,dc=.
cn: Post News
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: uid=testuser,ou=People,ou=Accounts,dc=jamie-thompson,dc=co,dc=uk,dc=.

My .htaccess looks like this:
<FilesMatch "postnews">
        #AuthLDAPBindDN <admin dn>
        #AuthLDAPBindPassword <admin password>

        AuthLDAPURL
ldap://localhost/ou=People,ou=Accounts,dc=jamie-thompson,dc=co,dc=uk,dc=.?uid
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthName "Permission to post new news items"
        Require group
cn=Post%20News,ou=Service%20Authentication,ou=Groups,dc=jamie-thompson,dc=co,dc=uk,dc=.
        #require user testuser
</FilesMatch>

I have worked through the bug I mentioned earlier, but I was unable to resolve
my issue and get things working. I have tried specifying my admin DN in case in
was a permission issue, but this made no difference.  I also tried both
ldap-group and group, but this made no difference either. Adding in the
require-user works, but that is a separate bit of functionality so I would
expect it to. My group URL used to have unescaped spaces in it, so I have tried
escaping them, but still this has not helped.

I also turned on the ldap cache info feature, and this shows only the search
urls. I have the DN of my user account, and nothing under compares or dn compares.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message