httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gaël Lams" <>
Subject Re: [users@httpd] help with mod_authz_ldap
Date Tue, 20 Mar 2007 08:02:45 GMT
On 3/20/07, Todd Nine <> wrote:
> Hi all,
>   I'm having a bit of trouble getting mod_authz_ldap to work.  I have my OU
> layout and my posix groups layout included.  I'm simply trying to
> authenticate the user "tnine" against the group
>  cn=development,ou=Groups,dc=arocksoftware,dc=com
>  I receive the following error, so I'm obviously not getting authorized
> auth_ldap authenticate: user tnine authentication failed; URI /vcproject/
> [ldap_search_ext_s() for user failed][No such object]
>  I have the following settings in my authorization directive.  But I have
> several questions.  Any help would be greatly appreciated.
> 1. I'm using a posixGroup, is that not possible?
> 2. I have set the log level to debug, but I only get the above line in the
> error_log.  I'd like to see the query string its issuing, is that possible?
> 3. I thought that by setting the AuthLDAPGroupAttribute it would find my
> username and authenticate me, is that not correct?

I personally always look on the ldap back-end side to see the query
string being issued. Which ldap directory are you using

Before working with a group, do you have the ldap authentication
working for a single user?

"require valid-user" directive requires that mod_authz_user be loaded
and that the AuthzLDAPAuthoritative directive be set to off but you
have it set to off

AuthLDAPGroupAttribute specifies which LDAP attributes are used to
check for group membership.
The require directives are used during the authorization phase: are
you sure you're right in specifying both require valid-user and
require ldap-group? As said a few lines below, require valid-user
require an additional authorization modules (mod_authz_user). Why
don't use only require ldap-group? This whay you could let
"AuthzLDAPAuthoritative On"?


View raw message