Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 86174 invoked from network); 22 Oct 2008 15:13:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Oct 2008 15:13:22 -0000 Received: (qmail 42801 invoked by uid 500); 22 Oct 2008 15:13:14 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 42778 invoked by uid 500); 22 Oct 2008 15:13:14 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 42767 invoked by uid 99); 22 Oct 2008 15:13:14 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Oct 2008 08:13:14 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of rodneyra@gmail.com designates 64.233.178.243 as permitted sender) Received: from [64.233.178.243] (HELO hs-out-0708.google.com) (64.233.178.243) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Oct 2008 15:12:05 +0000 Received: by hs-out-0708.google.com with SMTP id n78so1063214hsc.8 for ; Wed, 22 Oct 2008 08:12:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=b195ac77+s2k6iErt6W7XUUDsGIhVDks2dLFNMydt4M=; b=cHsEXltn6QocOCnNJgxYjfR2dEvastpFobzpvAMDuD+9X7buLMyOj3y76cr8jhjXwV BlM+VEKTQTkQjOvbwG0g1wU/XOktRJblXZn0yLViC2tNN4mbbAXthcOQ/+iGpw8Ewbv2 /CsCZLSh0SypsjL5Z0XYZDoqI8nIMFZRg6I1o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=odYltGZpCTnztHICKpdEaezWyglAeq/IY2kBxkXLw7wEjg2QJ7gjTVapsPt4JIE/46 RwYbXuZt7Ehr6Mk6NMtjONRtJa9eIcvlFMWvDCXzq4NXtMbI1Hv6xG5KcCzy3PVca4i+ jDXdw5Lyar/oNt7FsyPAskv5TWuCg8FSTskh4= Received: by 10.142.132.2 with SMTP id f2mr4389763wfd.256.1224688353241; Wed, 22 Oct 2008 08:12:33 -0700 (PDT) Received: by 10.142.11.18 with HTTP; Wed, 22 Oct 2008 08:12:33 -0700 (PDT) Message-ID: Date: Wed, 22 Oct 2008 13:12:33 -0200 From: "Rodney Ramos" To: users@httpd.apache.org In-Reply-To: <48FF3035.1080602@ice-sa.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_23853_15370135.1224688353247" References: <1404e5910810211027l1f01cd5hd5f86804b989ff47@mail.gmail.com> <48FE14B6.2000608@ice-sa.com> <1404e5910810211309j14250a88w4ec9d62024fa3e01@mail.gmail.com> <48FF3035.1080602@ice-sa.com> X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] mod_authnz_ldap module and Microsoft AD LDAP Server ------=_Part_23853_15370135.1224688353247 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Thank you, Andr=E9. That=B4s because I=B4m migrating an application from Apache 1.3 to Apache 2= . On Apache 1.3 I was used to Apache::DBI, Apache::AuthDBI, mod_perl, mod_auth_ldap etc. Everything worked fine, but .... Thank you again. Rodney. On Wed, Oct 22, 2008 at 11:52 AM, Andr=E9 Warnier wrote: > Rodney Ramos wrote: > >> Great! That=B4s it! >> >> I=B4ve tried to use a user called "admin" that exists in the LDAP server= . >> >> So, to make the test, I=B4ve created a crazy username and put it into th= e >> flat >> file, and it works! >> >> The Apache tries to consult the flat file only if it doesn=B4t find the = user >> in the LDAP server. >> >> Now, another problem (sorry for boring you). Instead of use a flat file = as >> a >> second option, I want to use a database. >> >> So, I=B4ve installed the Apache::DBI module and tried to use the >> Apache::AuthDBI to authenticate in a MySQL database. >> >> Now the problem is that Apache only try to use the Apache::AuthDBI modul= e. >> It doesn=B4t looking for in the LDAP server any more. >> >> Any idea? Maybe I shoud try to use the mod_authn_dbd instead of >> Apache::AuthDBI? >> >> What do you think? >> >> > Hi. > I think indeed that you try with mod_authn_dbd instead of Apache::AuthDBI= , > in this case. > > There are others here that will explain that better than I can (Torsten, > are you there ?), but in a nutshell : > > Modules like mod_xxx are Apache add-on modules written in C. > Modules like Apache::AuthDBI are Apache add-on modules written in Perl, w= ho > themselves work within the framework provided by the mod_perl add-on modu= le > (and the embedded perl interpreter that it carries with it). > mod_perl itself "insinuates itself" fairly deeply into Apache, so that ma= ny > times you can do the same things as what C add-on modules achieve (or eve= n > more things), but mod_perl add-on modules and C add-on modules do not alw= ays > "cooperate" so well with eachother. > > In the latest Apache 2.x versions, the various mod_authxxxx C modules hav= e > apparently been rewritten so that they cooperate with eachother well. > On the other hand, Apache::DBI is older, and does not cooperate so nicely > with the others. > So you shouldn't mix the two types of add-ons, at least not when it is > within the same Apache "authentication phase". > > This was a very summary explanation, and probably quite insufficient from= a > purist technical point of view. If you need more details, ask and I'll t= ry. > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project= . > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > ------=_Part_23853_15370135.1224688353247 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
Thank you, Andr=E9.
 
That=B4s because I=B4m migrating an application from Apache 1.3 to Apa= che 2.
 
On Apache 1.3 I was used to Apache::DBI, Apache::AuthDBI, mod_perl, mo= d_auth_ldap etc.
 
Everything worked fine, but ....
 
Thank you again.
Rodney.


 
On Wed, Oct 22, 2008 at 11:52 AM, Andr=E9 Warnie= r <aw@ice-sa.com&= gt; wrote:
Rodney Ramos wrote:
Great! That=B4s it!

I=B4v= e tried to use a user called "admin" that exists in the LDAP serv= er.

So, to make the test, I=B4ve created a crazy username and put it into t= he flat
file, and it works!

The Apache tries to consult the flat = file only if it doesn=B4t find the user
in the LDAP server.

Now, = another problem (sorry for boring you). Instead of use a flat file as a
second option, I want to use a database.

So, I=B4ve installed the Ap= ache::DBI module and tried to use the
Apache::AuthDBI to authenticate in= a MySQL database.

Now the problem is that Apache only try to use th= e Apache::AuthDBI module.
It doesn=B4t looking for in the LDAP server any more.

Any idea? Mayb= e I shoud try to use the mod_authn_dbd instead of
Apache::AuthDBI?
What do you think?


Hi.
I think indeed th= at you try with mod_authn_dbd instead of Apache::AuthDBI, in this case.

There are others here that will explain that better than I can (Torsten= , are you there ?), but in a nutshell :

Modules like mod_xxx are Apa= che add-on modules written in C.
Modules like Apache::AuthDBI are Apache= add-on modules written in Perl, who themselves work within the framework p= rovided by the mod_perl add-on module (and the embedded perl interpreter th= at it carries with it).
mod_perl itself "insinuates itself" fairly deeply into Apache, so= that many times you can do the same things as what C add-on modules achiev= e (or even more things), but mod_perl add-on modules and C add-on modules d= o not always "cooperate" so well with eachother.

In the latest Apache 2.x versions, the various mod_authxxxx C modules h= ave apparently been rewritten so that they cooperate with eachother well.On the other hand, Apache::DBI is older, and does not cooperate so nicely= with the others.
So you shouldn't mix the two types of add-ons, at least not when it is = within the same Apache "authentication phase".

This was a = very summary explanation, and probably quite insufficient from a purist tec= hnical point of view.  If you need more details, ask and I'll try.= =20



-----------------------------------------= ----------------------------
The official User-To-User support forum of = the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.= html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
 "=   from the digest: users-digest-unsubscribe@httpd.apache.org<= br> For additional commands, e-mail: users-help@httpd.apache.org

<= /blockquote>

------=_Part_23853_15370135.1224688353247--