From "Todd Nine" <>
Subject [users@httpd] help with mod_authz_ldap
Date Tue, 20 Mar 2007 02:19:15 GMT
Hi all,
  I'm having a bit of trouble getting mod_authz_ldap to work.  I have my OU
layout and my posix groups layout included.  I'm simply trying to
authenticate the user "tnine" against the group


I receive the following error, so I'm obviously not getting authorized:

auth_ldap authenticate: user tnine authentication failed; URI /vcproject/
[ldap_search_ext_s() for user failed][No such object]

I have the following settings in my authorization directive.  But I have
several questions.  Any help would be greatly appreciated.

1. I'm using a posixGroup, is that not possible?
2. I have set the log level to debug, but I only get the above line in the
error_log.  I'd like to see the query string it's issuing, is that possible?
3. I thought that by setting the AuthLDAPGroupAttribute it would find my
username and authenticate me, is that not correct?

Thanks in advance for the help.


subversion.conf file

<Location />
   DAV svn
   SVNParentPath /srv/svnrepos

   # Limit write permission to list of valid users.
   # Require SSL connection for password protection.
   # SSLRequireSSL

   AuthType Basic
   AuthName "ARock Software Subversion"
   AuthBasicProvider            ldap

   AuthLDAPURL ldap://ldap:389/
   require ldap-group cn=development,ou=Groups,dc=arocksoftware,dc=com
   AuthzLDAPAuthoritative on
   AuthLDAPGroupAttribute memberUid
   AuthzLDAPLogLevel debug
   Require valid-user
</Location>

Dump of openldap schema

dn: dc=arocksoftware,dc=com
objectClass: dcObject
objectClass: organization
dc: arocksoftware
o: Arock Software

dn: cn=Manager,dc=arocksoftware,dc=com
cn: Manager
objectClass: organizationalRole
objectClass: top

dn: ou=Groups,dc=arocksoftware,dc=com
ou: Groups
objectClass: organizationalUnit
objectClass: top

dn: cn=development,ou=Groups,dc=arocksoftware,dc=com
cn: development
gidNumber: 1001
objectClass: posixGroup
objectClass: top
memberUid: tnine

dn: ou=People,dc=arocksoftware,dc=com
ou: People
objectClass: organizationalUnit
objectClass: top

dn: ou=Customers,ou=People,dc=arocksoftware,dc=com
ou: Customers
objectClass: organizationalUnit
objectClass: top

dn: ou=Employees,ou=People,dc=arocksoftware,dc=com
ou: Employees
objectClass: organizationalUnit
objectClass: top

dn: cn=Todd Nine,ou=Employees,ou=People,dc=arocksoftware,dc=com
givenName: Todd
sn: Nine
cn: Todd Nine
uid: tnine
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/users/development/ne
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SHA}removed
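
An added example, not part of the original message: one way the posted block could be written for a posixGroup lookup, assuming the request is handled by Apache 2.2's mod_authnz_ldap (the module that provides AuthBasicProvider ldap and AuthLDAPURL) and that the directory permits an anonymous search. The base DN and group DN are taken from the LDIF dump above.

```apache
# Added example, not the poster's configuration. Assumes mod_authnz_ldap
# (Apache 2.2) and the directory layout from the LDIF dump above.
<Location />
   DAV svn
   SVNParentPath /srv/svnrepos

   AuthType Basic
   AuthName "ARock Software Subversion"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative on

   # Was: AuthLDAPURL ldap://ldap:389/
   # The URL form is ldap://host:port/basedn?attribute?scope?filter. With no
   # base DN the user search is rooted at the empty DN, which an OpenLDAP
   # server normally answers with "No such object". Naming the base gives a
   # subtree search; the module combines filter, attribute and login name
   # into (&(objectClass=*)(uid=tnine)).
   AuthLDAPURL "ldap://ldap:389/ou=People,dc=arocksoftware,dc=com?uid?sub?(objectClass=*)"

   # posixGroup stores bare login names in memberUid, not member DNs, so the
   # group comparison has to use the username instead of the user's DN.
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off

   # Was: Require ldap-group ... followed by Require valid-user.
   # Multiple Require lines are alternatives, so valid-user would admit any
   # account that authenticates, regardless of group. Keep only the group rule.
   Require ldap-group cn=development,ou=Groups,dc=arocksoftware,dc=com

   # Basic auth sends the password with every request; the original comment
   # already calls for SSL, so it is enabled here (needs mod_ssl on this host).
   SSLRequireSSL

   # AuthzLDAPLogLevel is left out: it is not among mod_authnz_ldap's
   # directives. The server-wide "LogLevel debug" controls its logging.
</Location>
```

The connection from Apache to the directory is still plain ldap:// in this sketch, so the bind password crosses that link unencrypted unless the LDAP connection is also protected.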

