httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46978] New: mod_authz_LDAP displays page not found when used with mod_auth_kerb
Date Tue, 07 Apr 2009 01:28:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46978

           Summary: mod_authz_LDAP displays page not found when used with
                    mod_auth_kerb
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: PC
               URL: http://private
        OS/Version: FreeBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: garrisot@otc.edu


If using mod_auth_kerb for authentication and mod_authz_ldap for authorization,
a page not found will be displayed if you are authenticated with mod_auth_kerb
but denied access with mod_authz_ldap.

httpd.conf
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthRealms DOMAIN.COM
    KrbAuthoritative on
    Krb5KeyTab /usr/local/etc/apache22/keytab
    AuthLDAPBindDN "user@domain.com"
    AuthLDAPBindPassword "password"
    AuthLDAPUrl ldap://ADserver:3268/dc=domain,dc=com?userPrincipalName?sub?(objectClass=*)
    require ldap-group cn=group,OU=Groups,DC=domain,DC=com

error log
[Mon Apr 06 13:27:33 2009] [debug] src/mod_auth_kerb.c(1628): [client 1.2.3.4]
kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1628): [client 1.2.3.4]
kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1240): [client 1.2.3.4]
Acquiring creds for HTTP@server.domain.com
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1385): [client 1.2.3.4]
Verifying client data using KRB5 GSS-API with our SPNEGO lib
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1401): [client 1.2.3.4]
Client didn't delegate us their credential
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1420): [client 1.2.3.4]
GSS-API token of length 129 bytes will be sent back
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(582): [client 1.2.3.4]
ldap authorize: Creating LDAP req structure
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(715): [client 1.2.3.4]
[77101] auth_ldap authorise: require group: testing for group membership in
"cn=group,OU=Groups,DC=domain,DC=com"
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(721): [client 1.2.3.4]
[77101] auth_ldap authorise: require group: testing for member:
CN=user,OU=Accounts,DC=domain,DC=com (cn=group,OU=Groups,DC=domain,DC=com)
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(737): [client 1.2.3.4]
[77101] auth_ldap authorise: require group
"cn=group,OU=Groups,DC=domain,DC=com": authorisation failed [Comparison false
(adding to cache)][Compare False]
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(721): [client 1.2.3.4]
[77101] auth_ldap authorise: require group: testing for uniquemember:
CN=user,OU=Accounts,DC=domain,DC=com (cn=group,OU=Groups,DC=domain,DC=com)
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(737): [client 1.2.3.4]
[77101] auth_ldap authorise: require group
"cn=group,OU=Groups,DC=domain,DC=com": authorisation failed [Comparison no such
attribute (adding to cache)][No such attribute]
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(852): [client 1.2.3.4]
[77101] auth_ldap authorise: authorisation denied
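
Added example, not part of the original report or of the Apache or mod_auth_kerb code: a small triage parser for debug logs in the format shown above. It rejoins the wrapped lines and reports, per client, whether mod_auth_kerb logged a GSS-API reply, which group comparisons failed, and the final authorization decision. The names unwrap and summarize and the sample text are assumptions made for this example.

```python
import re

# Constructed sample in the report's log format, hard-wrapped as in the archive.
SAMPLE = """\
[Mon Apr 06 13:27:41 2009] [debug] src/mod_auth_kerb.c(1420): [client 1.2.3.4]
GSS-API token of length 129 bytes will be sent back
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(721): [client 1.2.3.4]
[77101] auth_ldap authorise: require group: testing for member:
CN=user,OU=Accounts,DC=domain,DC=com (cn=group,OU=Groups,DC=domain,DC=com)
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(737): [client 1.2.3.4]
[77101] auth_ldap authorise: require group
"cn=group,OU=Groups,DC=domain,DC=com": authorisation failed [Comparison false
(adding to cache)][Compare False]
[Mon Apr 06 13:27:41 2009] [debug] mod_authnz_ldap.c(852): [client 1.2.3.4]
[77101] auth_ldap authorise: authorisation denied
"""

REC = re.compile(r"^\[[^\]]+\] \[\w+\] (\S+)\(\d+\): \[client ([^\]]+)\] ?(.*)$")
TESTING = re.compile(r"require group: testing for (\w+): .+ \(([^)]+)\)$")
FAILED = re.compile(r'require group "([^"]+)": authorisation failed .*\[([^\]]+)\]$')

def unwrap(text):
    """Rejoin wrapped continuation lines onto the record that started them."""
    records = []
    for line in text.splitlines():
        if REC.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per client: GSS-API reply logged, failed group tests, final decision."""
    out, last_attr = {}, {}
    for rec in unwrap(text):
        m = REC.match(rec)
        if not m:
            continue
        src, client, msg = m.groups()
        c = out.setdefault(client, {"gss_reply": False, "failed": [], "decision": None})
        if "mod_auth_kerb" in src and "GSS-API token" in msg:
            c["gss_reply"] = True          # mod_auth_kerb logged a reply token
        elif (t := TESTING.search(msg)):
            last_attr[client] = t.group(1)  # attribute being compared (member, ...)
        elif (f := FAILED.search(msg)):
            c["failed"].append((last_attr.get(client), f.group(1), f.group(2)))
        elif "authorisation denied" in msg:
            c["decision"] = "denied"
    return out
```

A client whose entry has a non-empty failed list and a decision of "denied" was rejected in the mod_authnz_ldap authorization phase, which helps tell that case apart from a genuinely missing resource when the browser shows a page not found.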
