httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hart <tomh...@coopfed.org>
Subject Re: [users@httpd] apache 2.2.4 and AD: authentication failed.
Date Fri, 26 Oct 2007 17:30:49 GMT
I'm not sure that you really need an alternative. using the setup you 
have now should work fine, with authoritative off, and using valid-user. 
I have that same exact setup running on our corporate intranet, and it's 
been working fine.

Also, I do not know of an alternative for having the paassword in clear 
text in the file. What I did was create a new AD user (apache_validate 
or something along those lines) that is used only for this purpose. The 
user has almost no access rights, except that they can login and query 
ad. This is what I would recommend, as well as running apache under a 
seperate user account if you're not doing this already.

Melanie Pfefer wrote:
> ldap-user is not viable...I will have to add all users
> by hand... Any other alternative?
>
> also, AuthLDAPBindPassword is written in clear text in
> the file...Any other alternative?
>
> Many thanks!
>
> --- Tom Hart <tomhart@coopfed.org> wrote:
>
>   
>> authzldapauthoritative sets it such that ldap is the
>> only authentication 
>> that can be used. However valid-user is not seen as
>> an ldap 
>> authentication (try ldap-user, etc.), so it needs to
>> be able to fall 
>> back on "basic authentication" even though it is
>> using the ldap setup to 
>> validate.
>>
>> Basically it's ldap, but apache thinks it's basic. I
>> think that's what 
>> happens anyway.
>>
>> Melanie Pfefer wrote:
>>     
>>> I tried AuthZLDAPAuthoritative off and indeed it
>>> worked...now...what is the impact of disabling
>>> AuthZLDAPAuthoritative??
>>>
>>>
>>> thanks bunches...
>>> --- Eric Covener <covener@gmail.com> wrote:
>>>
>>>   
>>>       
>>>> On 10/26/07, Stusynski, Dan <dstusynski@ptc.com>
>>>> wrote:
>>>>     
>>>>         
>>>>> Looks like you can't acccess the resource.
>>>>>       
>>>>>           
>>>> authnz_ldap  + require valid-user doesn't work as
>>>> expected in 2.2.4,
>>>> try AuthZLDAPAuthoritative off
>>>>
>>>> -- 
>>>> Eric Covener
>>>> covener@gmail.com
>>>>
>>>>
>>>>     
>>>>         
> ---------------------------------------------------------------------
>   
>>>   
>>>       
>>>> The official User-To-User support forum of the
>>>> Apache HTTP Server Project.
>>>> See <URL:http://httpd.apache.org/userslist.html>
>>>>         
>> for
>>     
>>>> more info.
>>>> To unsubscribe, e-mail:
>>>> users-unsubscribe@httpd.apache.org
>>>>    "   from the digest:
>>>> users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail:
>>>> users-help@httpd.apache.org
>>>>
>>>>
>>>>     
>>>>         
>>>
>>>      
>>>       
> ___________________________________________________________
>   
>>> Want ideas for reducing your carbon footprint?
>>>       
>> Visit Yahoo! For Good 
>>
>>     
> http://uk.promotions.yahoo.com/forgood/environment.html
>   
>>>       
> ---------------------------------------------------------------------
>   
>>> The official User-To-User support forum of the
>>>       
>> Apache HTTP Server Project.
>>     
>>> See <URL:http://httpd.apache.org/userslist.html>
>>>       
>> for more info.
>>     
>>> To unsubscribe, e-mail:
>>>       
>> users-unsubscribe@httpd.apache.org
>>     
>>>    "   from the digest:
>>>       
>> users-digest-unsubscribe@httpd.apache.org
>>     
>>> For additional commands, e-mail:
>>>       
>> users-help@httpd.apache.org
>>     
>>>   
>>>       
>>
>>     
> ---------------------------------------------------------------------
>   
>> The official User-To-User support forum of the
>> Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for
>> more info.
>> To unsubscribe, e-mail:
>> users-unsubscribe@httpd.apache.org
>>    "   from the digest:
>> users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail:
>> users-help@httpd.apache.org
>>
>>
>>     
>
>
>
>       ___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
> now.
> http://uk.answers.yahoo.com/ 
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message