httpd-users mailing list archives

From Craig Jackson <cjack...@localsurface.com>
Subject [users@httpd] Auth LDAP: require group works erratically
Date Sun, 20 Jun 2004 02:48:23 GMT
Hi,

It seems I can't get group authentication to work from LDAP auth.
Sometimes it works, sometimes it doesn't. Here's from syslog when it
doesn't work on the first try but does work on the second attempt to
log in.... [My OpenLDAP server does not allow anonymous bind.]

Jun 19 21:38:15 mail slapd[9081]: conn=93 op=4 SRCH base="dc=localsurface,dc=com" scope=2 filter="(&(objectClass=CourierMailAccount)(mail=cjackson@localsurface.com))"
Jun 19 21:38:15 mail slapd[9081]: conn=93 op=4 SRCH attr=mail
Jun 19 21:38:15 mail slapd[9081]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=2 SRCH base="dc=localsurface,dc=com" scope=2 filter="(&(objectClass=CourierMailAccount)(mail=cjackson@localsurface.com))"
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=2 SRCH attr=mail
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 BIND anonymous mech=implicit ssf=0
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 BIND dn="cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com" method=128
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 BIND dn="cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com" mech=simple ssf=0
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 RESULT tag=97 err=0 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=4 CMP dn="cn=digitalmedia,cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com" attr="uniqueMember"
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=4 RESULT tag=111 err=6 text= ....

This from the Apache error log...
[Sat Jun 19 21:38:15 2004] [warn] [client 10.1.1.3] [9232] auth_ldap authenticate: user cjackson@localsurface.com authentication failed; URI /dm/ [User not found][No such object]

Using Apache 2.0.47 compiled like this.....

./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-so \
    --enable-dav --enable-dav-fs --with-ldap --enable-ldap \
    --enable-auth-ldap

With this Location directive...

Alias /dm/ /usr/local/apache2/digitalmedia/
<Location /dm/>
Options Indexes MultiViews
AuthType Basic
AuthName "Digital Media"
AuthLDAPEnabled on
AuthLDAPGroupAttribute uniqueMember
AuthLDAPURL "ldap://localhost:389/dc=localsurface,dc=com?mail?sub?(objectClass=CourierMailAccount)"
AuthLDAPBindDN "cn=da_man,dc=localsurface,dc=com"
AuthLDAPBindPassword "SECRET"
require group cn=digitalmedia,cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com
        <Limit GET HEAD OPTIONS PROPFIND>
                Allow from all
        </Limit>
DavMinTimeout 3600
</Location>


I have tried various configuration changes to no avail. Why would it
work sometimes and not others?

I am using Konqueror and Firefox to connect.

Thanks,
Craig Jackson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
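
Added example (not part of the original message, and not Apache or OpenLDAP project code): a small Python reader for slapd log lines like those quoted above. It groups events by connection and operation, flags searches that returned err=0 with nentries=0 (the result logged at 21:38:15, the same second as the Apache "User not found" warning), and decodes the compare result (err=6 is compareTrue in RFC 4511). The names `parse`, `findings` and `SAMPLE` are hypothetical.

```python
import re
from collections import defaultdict

# LDAP result codes (RFC 4511) that show up when reading these logs.
LDAP_RESULT = {0: "success", 5: "compareFalse", 6: "compareTrue", 32: "noSuchObject"}
EVENT = re.compile(r"conn=(\d+) op=(\d+) (SEARCH RESULT|RESULT|SRCH|BIND|CMP)\b(.*)")
# Selected log lines from the message above, with the mail line wrapping undone.
SAMPLE = """\
Jun 19 21:38:15 mail slapd[9081]: conn=93 op=4 SRCH base="dc=localsurface,dc=com" scope=2 filter="(&(objectClass=CourierMailAccount)(mail=cjackson@localsurface.com))"
Jun 19 21:38:15 mail slapd[9081]: conn=93 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=2 SRCH base="dc=localsurface,dc=com" scope=2 filter="(&(objectClass=CourierMailAccount)(mail=cjackson@localsurface.com))"
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 BIND dn="cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com" method=128
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=3 RESULT tag=97 err=0 text=
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=4 CMP dn="cn=digitalmedia,cn=cjackson,ou=localsurface.com,dc=localsurface,dc=com" attr="uniqueMember"
Jun 19 21:38:36 mail slapd[9081]: conn=94 op=4 RESULT tag=111 err=6 text=
"""

def parse(log_text):
    """Group slapd events as {conn: {op: {"kind", "err", "nentries"}}}."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a slapd operation line
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        rec = conns[conn].setdefault(op, {"kind": None, "err": None, "nentries": None})
        if kind in ("SRCH", "BIND", "CMP"):
            rec["kind"] = kind  # request line: remember the operation type
        else:  # RESULT / SEARCH RESULT line: record the outcome
            err = re.search(r"\berr=(\d+)", rest)
            n = re.search(r"\bnentries=(\d+)", rest)
            rec["err"] = int(err[1]) if err else None
            rec["nentries"] = int(n[1]) if n else None
    return conns

def findings(conns):
    out = []  # (conn, op, note) for empty searches and group compares
    for conn in sorted(conns):
        for op, rec in sorted(conns[conn].items()):
            if rec["kind"] == "SRCH" and rec["err"] == 0 and rec["nentries"] == 0:
                out.append((conn, op, "search succeeded but matched no entry"))
            elif rec["kind"] == "CMP":
                code = LDAP_RESULT.get(rec["err"], f"err={rec['err']}")
                out.append((conn, op, "group compare: " + code))
    return out

if __name__ == "__main__":
    print(*findings(parse(SAMPLE)), sep="\n")
```

Feeding it the full slapd log for an affected connection, including the lines before the search, shows which identity, if any, was bound when the empty search ran.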

