httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sohail Somani" <s.som...@fincad.com>
Subject RE: [users@httpd] Apache 2 + LDAP - valid user/pw not authenticated?
Date Mon, 13 Nov 2006 20:30:16 GMT
> -----Original Message-----
> From: Christophe Gravier 
> [mailto:christophe.gravier@univ-st-etienne.fr] 
> Sent: Friday, November 10, 2006 12:05 AM

> Sohail Somani a écrit :
> > Hi,
> >
> > I'm trying to set up ldap authentication. I am pretty sure that it
> > authenticates because if I get the following results from 
> the error logs
> > in specific situations:
> >
> > Invalid user: auth_ldap authenticate: user <bad_user> authentication
> > failed; URI /mypaty [User not found][No such object]
> > Valid user/invalid pw: user <good_user>: authentication failure for
> > "/mypath": Password Mismatch
> > Valid user/valid pw: No output from error log
> >
> > So I assume that it works and is set up correctly. 
> Additionally, I have
> > used ldapsearch to verify that the ldap strings are doing the right
> > dance.
> >
> > However, in the last case, when it appears that I have 
> authenticated,
> > Firefox/IE keep popping up the authorization box even when 
> the user/pw
> > are correct! Here is my relevant (I hope) config:
[snip]
> Are you using Apache >= 2.2 ?
> 
> If yes, the "require valid-user" is not the directive for authnz_ldap 
> module/
> If you're using apache >= 2.2 and you want to:
> 
> 1/ allow "any" authenticated user to enter (whatever his group 
> membership is (i.e. no authorization control), you must "bypass" the 
> authz_ldap authorization module by setting 
> "AuthzLDAPAuthoritative" to 
> off (else apache searches for require ldap-user or ldap-group 
> directives)
[snip]

Thanks, these configs did the trick. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message