From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: DO NOT REPLY [Bug 47333] New: LDAP Authentication is not accepted when trying to use credentials from different sources for one directory
Date: Tue, 9 Jun 2009 00:52:58 -0700 (PDT)

https://issues.apache.org/bugzilla/show_bug.cgi?id=47333

           Summary: LDAP Authentication is not accepted when trying to use
                    credentials from different sources for one directory
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: sergey.vladimirov@tomtom.com

I have the following configuration for protecting a directory with LDAP (see below). So basically we want valid users both from subtrees of OU1 and OU2 to be able to download our files. But only accounts belonging to OU1 are able to do it. Accounts belonging to OU2 will get an access denied page. If we switch the order of the "Directory" directives it will work for OU2, but not for OU1.

Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user

Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user

On the other side we want the same scheme to work for cgi-bin and all scripts in it (see below). And this time it works for both OU1 and OU2. So why do we have such a difference for executing scripts and just downloading files?

Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user

Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user
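
A configuration check for the layout described in the report, as an added example that is not part of the original bug report or of httpd: it lists every directory that more than one Directory section configures with different AuthLDAPUrl values. The paths /srv/files and /srv/other are assumptions, since the message does not show the section paths; the LDAP URLs are the ones from the report.

```python
import re
from collections import defaultdict

# Constructed sample: the report's two AuthLDAPUrl values under hypothetical
# <Directory> paths (the real paths are not present in the message).
SAMPLE_CONF = '''
<Directory "/srv/files">
    AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
</Directory>
<Directory "/srv/files/">
    AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
</Directory>
<Directory "/srv/other">
    AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
</Directory>
'''

OPEN = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.I)
CLOSE = re.compile(r'^</Directory\s*>$', re.I)
LDAP_URL = re.compile(r'^AuthLDAPUrl\s+(?:"([^"]+)"|(\S+))', re.I)


def ldap_urls_by_directory(conf_text):
    """Map each <Directory> path to the AuthLDAPUrl values set for it, in file order."""
    urls, current = defaultdict(list), None
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = OPEN.match(line)
        if opened:
            # Treat "/srv/files" and "/srv/files/" as the same directory.
            current = opened.group(1).rstrip('/') or '/'
        elif CLOSE.match(line):
            current = None
        elif current is not None:
            found = LDAP_URL.match(line)
            if found:
                urls[current].append(found.group(1) or found.group(2))
    return dict(urls)


def conflicting_directories(conf_text):
    """Return {path: [urls]} for paths that are given more than one distinct AuthLDAPUrl."""
    return {path: urls for path, urls in ldap_urls_by_directory(conf_text).items()
            if len(set(urls)) > 1}


if __name__ == '__main__':
    for path, urls in conflicting_directories(SAMPLE_CONF).items():
        print(f'{path}: sections set {len(urls)} different AuthLDAPUrl values')
```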