httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dick Davies <rasput...@hellooperator.net>
Subject Re: [users@httpd] Apache 2.0.52, mod_auth_ldap & RemoteUserIsDN
Date Fri, 26 Nov 2004 13:15:42 GMT
* Duncan Brannen <dbb@st-andrews.ac.uk> [1106 12:06]:
> At 11:39 26/11/2004, Dick Davies wrote:
> >* Duncan Brannen <dbb@st-andrews.ac.uk> [1127 11:27]:
> >>
> >>
> >> Hi Folks,
> >>       I'm looking at moving to Apache2 but having some problems
> >> with a difference between the old 1.3 auth_ldap module from
> >> rude dog & the apache 2 bundled one.
> >>
> >>
> >> If you specify
> >>
> >>               AuthLDAPRemothUserIsDN
> >> and use
> >>               require user uid1 uid2 uid3
> >
> >I think
> >
> >http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html#authldapremoteuserisdn
> >
> >is incorrect, it says it just sets REMOTE_USER to the dn, but I think
> >RemoteUserIsDN actually tells mod_ldap to expect DNs via basic auth
> >(in a similar way to what AuthLDAPGroupAttributeIsDN does).
> >
> >Just take that line out and it should work - let me know if it does, I'll 
> >raise
> >a bug on the documentation.
> 
> 
> It does work if I take the line out.  Problem is, all our users have the 
> line in their .htaccess files.
> 
> Any idea if there's a work around while I educate people or is it possible 
> it's not a documentation bug, but a code bug?

My guess would be that the doc is wrong. I imagine they stole^W drew inspiration
from the 1.3 auth_ldap module when writing it.

Workaround wise, you could define it in httpd.conf at the directory level above
the docroots, but you're still going to have to take it out of the .htaccess, and
in my experience the users will put it back the next time they have a problem with
anything. Probably simpler to just append an 'off' to that line in each .htaccess...

-- 
One cannot make an omelette without breaking eggs -- but it is amazing
how many eggs one can break without making a decent omelette. - Charles P. Issawi
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message