httpd-users mailing list archives

From Sean Davis <sdav...@mail.nih.gov>
Subject [users@httpd] ldap group problems
Date Thu, 12 Jul 2007 01:32:35 GMT
httpd v2.2.4 from source on macos 10.4.9

I have a configuration like this.  In the first case using require
valid-user, everything works as expected.  I can authenticate users just
fine.  However, when I use the second Location block, I have problems
and cannot authorize against the group.  Any suggestions?

Thanks,
Sean


<Location /svn/>
	AuthLDAPBindDN	cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindPassword	secret
	AuthzLDAPAuthoritative off
	AuthType	basic
	AuthName	"svn repository"
	AuthBasicProvider	ldap
	AuthLDAPURL	ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
	require valid-user
</Location>


<Location /svn2/>
	AuthLDAPBindDN	cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindPassword	secret
	Allow from all
	AuthzLDAPAuthoritative off
	AuthLDAPGroupAttributeIsDN off
	AuthLDAPGroupAttribute member
	AuthType	basic
	AuthName	"svn repository"
	AuthBasicProvider	ldap
	AuthLDAPURL	ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
	require ldap-group cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov
</Location>


Here is what the apache log shows:

[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(376): [client
137.187.209.230] [8873] auth_ldap authenticate: using URL
ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(475): [client
137.187.209.230] [8873] auth_ldap authenticate: accepting sdavis
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(712): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
group membership in "cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov"
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(718): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
member: sdavis (cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov)
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(734): [client
137.187.209.230] [8873] auth_ldap authorise: require group
"cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov": authorisation
failed [Comparison complete][Invalid syntax]
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(842): [client
137.187.209.230] [8873] auth_ldap authorise: declining to authorise
[Wed Jul 11 20:30:44 2007] [error] [client 137.187.209.230] access to
/svn2/apache_pb.png failed, reason: require directives present and no
Authoritative handler.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
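
An added example, not part of the original message or of the Apache project's code: a small Python triage script that rejoins the mail-wrapped mod_authnz_ldap debug records quoted above and reports, for each failed `require ldap-group` check, which value was compared and what the LDAP server answered. The function names and the `value_is_dn` heuristic are assumptions of this example; the sample log is constructed from three of the records in the post.

```python
import re

# Constructed sample: three of the post's debug records, mail line-wrapping kept.
SAMPLE_LOG = """\
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(475): [client
137.187.209.230] [8873] auth_ldap authenticate: accepting sdavis
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(718): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
member: sdavis (cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov)
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(734): [client
137.187.209.230] [8873] auth_ldap authorise: require group
"cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov": authorisation
failed [Comparison complete][Invalid syntax]
"""

RECORD_START = re.compile(r"\[\w{3} \w{3} +\d+ [\d:]+ \d{4}\] \[\w+\] ")
ACCEPTED = re.compile(r"\[(\d+)\] auth_ldap authenticate: accepting (\S+)")
TESTING = re.compile(r"\[(\d+)\] auth_ldap authorise: require group: "
                     r"testing for member: (\S+) \((.+?)\)")
FAILED = re.compile(r'\[(\d+)\] auth_ldap authorise: require group "([^"]+)": '
                    r"authorisation failed \[([^\]]*)\]\[([^\]]*)\]")

def unwrap(text):
    """Rejoin records split across lines; a record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """One finding per failed group check, keyed by the bracketed number before auth_ldap."""
    users, tested, findings = {}, {}, []
    for rec in unwrap(text):
        if m := ACCEPTED.search(rec):
            users[m[1]] = m[2]
        elif m := TESTING.search(rec):
            tested[(m[1], m[3])] = m[2]
        elif m := FAILED.search(rec):
            value = tested.get((m[1], m[2]))
            findings.append({
                "user": users.get(m[1]), "group": m[2], "compared_value": value,
                "ldap_status": m[3], "ldap_error": m[4],
                # Heuristic (assumption): a value without '=' is a bare name, not a DN.
                "value_is_dn": value is not None and "=" in value,
            })
    return findings
```

Calling `triage(SAMPLE_LOG)` returns a single finding: the bare name `sdavis` was the value compared against the group, and the server answered `Invalid syntax`.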

