httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47333] New: LDAP Authentication is not accepted when trying to use credentials from different sources for one directory
Date Tue, 09 Jun 2009 07:52:58 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47333

           Summary: LDAP Authentication is not accepted when trying to use
                    credentials from different sources for one directory
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: sergey.vladimirov@tomtom.com


I have the following configuration for protecting a directory with LDAP (see
below).
So basically we want valid users both from subtrees of OU1 and OU2 to be able
to download our files. But only accounts belonging to OU1 are able to do it.
Accounts belonging to OU2 will get an access denied page. If we switch the order
of "Directory" directives it will work for OU2, but not for OU1.

<Directory "/srv/www/htdocs/some_system/">
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all

  AuthName "SOME SYSTEM"

  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  AuthLDAPBindPassword "password"
  AuthzLDAPAuthoritative off
  Require valid-user

</Directory>


<Directory "/srv/www/htdocs/some_system/">
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all

  AuthName "SOME SYSTEM"

  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  AuthLDAPBindPassword "password"
  AuthzLDAPAuthoritative off
  Require valid-user

</Directory>



On the other hand, we want the same scheme to work for cgi-bin and all scripts
in it (see below). And this time it works for both OU1 and OU2.
So why do we have such a difference between executing scripts and just downloading
files?

<Directory "/srv/www/cgi-bin/some_system/">
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all

  AuthName "SOME SYSTEM"

  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  AuthLDAPBindPassword "password"
  AuthzLDAPAuthoritative off
  Require valid-user

</Directory>


<Directory "/srv/www/cgi-bin/some_system/">
  Options Indexes FollowSymLinks
  AllowOverride None
  order allow,deny
  allow from all

  AuthName "SOME SYSTEM"

  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  AuthLDAPBindPassword "password"
  AuthzLDAPAuthoritative off
  Require valid-user

</Directory>
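
Added example, not part of the original report and not httpd project code: a configuration audit that flags the pattern shown above, where one <Directory> path is declared more than once and an authentication directive such as AuthLDAPUrl receives different values. The function name and the sample text are constructed for illustration; the check assumes a single file with no Include directives and no nested sections.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the report's configuration.
SAMPLE_CONF = '''
<Directory "/srv/www/htdocs/some_system/">
  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  Require valid-user
</Directory>
<Directory "/srv/www/htdocs/some_system/">
  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
  Require valid-user
</Directory>
<Directory "/srv/www/htdocs/other/">
  AuthType Basic
  AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
</Directory>
'''

OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'^\s*</Directory>', re.I)
DIRECTIVE = re.compile(r'^\s*(AuthLDAP\w+|AuthName|AuthType)\s+(.*\S)\s*$', re.I)

def conflicting_auth_sections(conf_text):
    """Return {(path, directive): [(line_no, value), ...]} for auth directives
    that are given more than one distinct value for the same <Directory> path."""
    seen = defaultdict(list)
    path = None
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith('#'):      # whole-line comments only
            continue
        m = OPEN.match(line)
        if m:                                  # normalise the trailing slash
            path = m.group(1).strip().rstrip('/') or '/'
            continue
        if CLOSE.match(line):
            path = None
            continue
        m = DIRECTIVE.match(line)
        if path and m:
            seen[(path, m.group(1).lower())].append((no, m.group(2).strip('"')))
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

if __name__ == "__main__":
    for (path, name), hits in conflicting_auth_sections(SAMPLE_CONF).items():
        print(path, name, [n for n, _ in hits])
```
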
