httpd-dev mailing list archives

From Ace Suares <...@suares.nl>
Subject Q: Intermittent trouble with mod_auth_ldap in 2.0 and 1.3
Date Tue, 11 Nov 2003 17:42:09 GMT

Due to a confusing post earlier, which happened to put this message into an 
unrelated thread, I am reposting this one. I hope that clears things up. I 
changed the subject, too, prefixing 'Q:' to distinguish from the other post.


Hi All,

Whether I am using Apache 1.3 with mod_auth_ldap 1.6.0 (from Rudedog) or Apache
2.0 with the distributed auth_ldap module (which is, as I understand, based
on the rudedog module), I am experiencing the same problems.

Over at the auth_ldap@rudedog.org mailing list, we analyzed the problem with
help of Brent Putnam, who posted a patch almost 2 years ago for a certain
problem that seems related. Find the patch and a description here:

http://www.rudedog.org/pipermail/auth_ldap/2001-December/043545.html

The problem that Brent describes relates to the use of AuthLdapBindDN, but I
am binding anonymously and seem to have the same problems.

The most clever description of the problem can be found in above link, but
I'll put it down in my own words:

Whenever I log in as userA, which is successful, and then want to log in to
another URL with another .htaccess file with another Realm, as userB, I am
not allowed access. In my setup, only anonymous can see (certain attributes)
from all entries in the ldap directory; userA can not see userB and vice
versa.

When I get to the page for userB, I don't even get a pop-up that asks me for
username and password. I just get a 401 error. When I refresh the page
several times, I might get a pop-up, which I fill in with the correct
authentication information, but access is disallowed and I get a pop-up again.
I can keep doing this several times. Meanwhile, I can go back to the page for
userA with no problems.

After a certain amount of refreshes followed by a certain amount of filling in
authentication info in the pop-up, I suddenly get access. Then, the page for
userA doesn't let me in anymore. Even if they are in different realms!

I can provide you with more debugging info, but at the moment I'll just wait
for reactions.

My settings in apache for mod_auth_ldap:

in httpd.conf:
AuthLDAPOpCacheSize 0
AuthLDAPCacheSize 0
______________

in .htaccess for userA in urlA:

AuthName "Login for example.com"
AuthType Basic
AuthLDAPURL ldap://localhost:389/dc=example,dc=com,qapp=qwido?uid?sub?(objectclass=qManager)
AuthLDAPRemoteUserIsDN on
require valid-user

in .htaccess for userB in urlB:

AuthName "Login for suares.com"
AuthType Basic
AuthLDAPURL ldap://localhost:389/dc=suares,dc=com,qapp=qwido?uid?sub?(objectclass=qManager)
AuthLDAPRemoteUserIsDN on
require valid-user

Above is the config for Apache 1.3, but I am experiencing the same problems
with Apache 2.0. I also tried Opera, Mozilla and Konqueror as browsers.

I would appreciate any info on this issue.
I hope this is the right place to contact developers for mod_auth_ldap in 2.0.

Cheers,

Ace

-- 
website: http://www.suares.nl * http://www.qwikzite.nl