httpd-users mailing list archives

From paredes <pare...@aecom.yu.edu>
Subject [users@httpd] AuthBasicProvider ldap dbd not failing through
Date Thu, 24 Jan 2008 19:22:23 GMT
Greetings!

I've successfully built apache2.2.8 with all the appropriate modules 
[mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql 
support. An ldap [valid-user] protected area works fine. A mysql 
[valid-user] protected area works fine. A mysql [require-dbd-group] 
group protected area works fine.

However, when I use the "AuthBasicProvider ldap dbd" directive to 
protect an area with ldap "failing through" to mysql, the fall-through 
never occurs. Authentication / authorization seemingly gets "stuck" on 
the first AuthBasicProvider argument. The 2nd argument is always ignored.

I explored this further by setting up a truth table where the 
AuthBasicProvider arguments were swapped, the AuthLDAPURL & 
AuthDBDUserPWQuery order were swapped, AuthzLDAPAuthoritative on/off 
was toggled, & AuthBasicAuthoritative on/off was toggled. In all cases 
the results indicate that only the 1st AuthBasicProvider argument gets 
read while the 2nd is ignored.
 
I'm building apache with mod_dbd_mysql.c copied from apr-util-1.2.12 
into httpd-2.2.8/srclib/apr-util/dbd

This is the configure I used:

CFLAGS='-DHAVE_MYSQL_H -I/usr/local/mysql/include -L/usr/local/mysql/lib' \
./configure --with-apr=/usr/local/apr \
  --with-apr-util=/usr/local/apr-util --enable-mods-shared=most \
  --enable-ldap --enable-authnz-ldap --enable-deflate --disable-userdir \
  --disable-cgi --disable-cgd --disable-auth-anon --disable-auth-dbm \
  --disable-expires --disable-headers --disable-status --disable-dav \
  --disable-dav-fs --disable-vhost-alias --disable-speling \
  --disable-rewrite --disable-ext-filter --enable-authn-alias

I then compiled mod_authz_dbd with
"apxs -c -i -a mod_authz_dbd.c mod_authz_dbd.h"

This is the directory in question:

<Directory ldap2mysql>
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "ldap2mysql"
AuthBasicProvider ldap dbd
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ourldapserver/ou=people . . ."
AuthBasicAuthoritative on
AuthDBDUserPWQuery "SELECT password FROM mysqlauth WHERE user=%s"
Require valid-user
</Directory>

The mysql general.log and local.err logs show that a dbd connection is 
not made. The apache error logs [debug] show that only LDAP connects. 
[likewise, if dbd is the 1st provider only mysql shows a connection but 
not ldap.]

Even though I know that the modules were refactored to prevent load 
order from being an issue, I've just started to systematically change 
the module load order so that all the ldap modules come before the dbd 
modules, but this has not resolved the issue. Our existing education 
server, which I'd like to upgrade from apache 2.0.58, uses mod_auth_mysql 
and it requires a specific load order in order to work with apache's 
built-in ldap.

Can anyone give me a hint on the next step I should take in 
troubleshooting?

Regards,

Bill Paredes
Computer Based Education
Albert Einstein College of Medicine
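
Added example, not part of the original message and not httpd source code: a simplified C model of how mod_auth_basic walks the AuthBasicProvider list, moving on to the next provider only when the current one reports the user as not found. The provider struct, the sample accounts and run_chain() are hypothetical names constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes a provider can hand back (names as in httpd's mod_auth.h). */
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;

/* Hypothetical stand-in for one backend holding a single account. */
typedef struct { const char *name, *user, *password; int consulted; } provider;

static authn_status check_password(provider *p, const char *user, const char *pw)
{
    p->consulted++;
    if (strcmp(p->user, user) != 0)
        return AUTH_USER_NOT_FOUND;      /* the only result that lets the chain continue */
    return strcmp(p->password, pw) == 0 ? AUTH_GRANTED : AUTH_DENIED;
}

/* Walk providers in AuthBasicProvider order; stop at the first definite answer. */
static authn_status run_chain(provider *chain, int n, const char *user, const char *pw)
{
    authn_status result = AUTH_USER_NOT_FOUND;
    for (int i = 0; i < n; i++)
        chain[i].consulted = 0;
    for (int i = 0; i < n; i++) {
        result = check_password(&chain[i], user, pw);
        if (result != AUTH_USER_NOT_FOUND)
            break;                       /* granted, denied or error: no fall-through */
    }
    return result;
}

/* Constructed sample data: alice exists only in "ldap", bob only in "dbd". */
static provider chain[2] = {
    { "ldap", "alice", "ldap-secret", 0 },
    { "dbd",  "bob",   "sql-secret",  0 },
};

int main(void)
{
    static const char *names[] = { "DENIED", "GRANTED", "USER_NOT_FOUND", "GENERAL_ERROR" };
    const char *cases[][2] = { {"alice", "ldap-secret"}, {"alice", "wrong"},
                               {"bob", "sql-secret"},    {"carol", "x"} };
    for (int i = 0; i < 4; i++) {
        authn_status r = run_chain(chain, 2, cases[i][0], cases[i][1]);
        printf("%-6s -> %-14s (%s consulted: %s)\n", cases[i][0], names[r],
               chain[1].name, chain[1].consulted ? "yes" : "no");
    }
    return 0;
}
```

In this model a test login with an account that exists in the first backend never reaches the second one, even with a wrong password, so a fall-through test needs a user that is absent from the first provider.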

