httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Hernandez <apa...@mac-specialist.com>
Subject Re: [users@httpd] OS X Server - apple_auth_module & LDAP (Solved)
Date Fri, 15 Jun 2007 18:08:51 GMT

On Jun 15, 2007, at 11:19 AM, Bill Hernandez wrote:
>
> HERE's what used to work with the LDAP users and groups
>
> <Directory "/etc/apache/htdocs/private">
> 	Order allow,deny
> 	Allow from all
> 	AuthName "private"
> 	AuthType Basic
> 	<Limit GET HEAD OPTIONS CONNECT POST PROPFIND PUT DELETE PROPPATCH  
> MKCOL COPY MOVE LOCK UNLOCK>
> 		Require user  robert tommy
> 	</Limit>
> 	<Limit GET HEAD OPTIONS CONNECT POST>
> 		Require group  sales maintenance
> 	</Limit>
> </Directory>
>
> NOW it generates an error message : Authorization Required
>
> I finally wrote a shell script to create two files, users and  
> groups, which basically duplicates the LDAP users and groups, but  
> is not a good solution, because it adds another level of things to  
> do if there are any changes in LDAP users and groups :
>
> 	AuthUserFile /etc/apache/users
> 	AuthGroupFile /etc/apache/groups
>

SOLUTION :

I found that in order for "LoadModule apple_auth_module" to work  
correctly with the way the <Directory ...> is structured above, the  
users and groups have to be created at the "Local Directory" level,  
instead of at the "LDAP Directory" level.

Once I deleted users and groups from LDAP, and created them on  the  
"Local Directory" via the WorkGroup Manager, all authentications in   
Apache began to work correctly. This is apparently where I had  
created the before I re-formatted and initialized the drive.

Anyway, this appears to have solved all my problems.

And 	
	AuthUserFile /etc/apache/users
	AuthGroupFile /etc/apache/groups

are no longer required...

Best Regards,

Bill Hernandez
Plano, Texas


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message