httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server
Date Wed, 22 Oct 2008 13:52:53 GMT
Rodney Ramos wrote:
> Great! That´s it!
> 
> I´ve tried to use a user called "admin" that exists in the LDAP server.
> 
> So, to make the test, I´ve created a crazy username and put it into the flat
> file, and it works!
> 
> The Apache tries to consult the flat file only if it doesn´t find the user
> in the LDAP server.
> 
> Now, another problem (sorry for boring you). Instead of use a flat file as a
> second option, I want to use a database.
> 
> So, I´ve installed the Apache::DBI module and tried to use the
> Apache::AuthDBI to authenticate in a MySQL database.
> 
> Now the problem is that Apache only try to use the Apache::AuthDBI module.
> It doesn´t looking for in the LDAP server any more.
> 
> Any idea? Maybe I shoud try to use the mod_authn_dbd instead of
> Apache::AuthDBI?
> 
> What do you think?
> 

Hi.
I think indeed that you try with mod_authn_dbd instead of 
Apache::AuthDBI, in this case.

There are others here that will explain that better than I can (Torsten, 
are you there ?), but in a nutshell :

Modules like mod_xxx are Apache add-on modules written in C.
Modules like Apache::AuthDBI are Apache add-on modules written in Perl, 
who themselves work within the framework provided by the mod_perl add-on 
module (and the embedded perl interpreter that it carries with it).
mod_perl itself "insinuates itself" fairly deeply into Apache, so that 
many times you can do the same things as what C add-on modules achieve 
(or even more things), but mod_perl add-on modules and C add-on modules 
do not always "cooperate" so well with eachother.

In the latest Apache 2.x versions, the various mod_authxxxx C modules 
have apparently been rewritten so that they cooperate with eachother well.
On the other hand, Apache::DBI is older, and does not cooperate so 
nicely with the others.
So you shouldn't mix the two types of add-ons, at least not when it is 
within the same Apache "authentication phase".

This was a very summary explanation, and probably quite insufficient 
from a purist technical point of view.  If you need more details, ask 
and I'll try.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message