httpd-users mailing list archives

From Admin <apache-i...@internode.com.au>
Subject [users@httpd] 2.2.9 overriding AuthBasicProvider ldap with .htaccess files
Date Tue, 11 Nov 2008 04:12:42 GMT
Hi all.

I'm trying to convert an Apache 2.0 config to 2.2 where the <Directory> 
section in httpd.conf configures access via LDAP, and an .htaccess file 
overrides that setting for a particular subdirectory of that space.

Here's what I'm trying to use on Apache 2.2.9 (IP addresses and paths changed 
to protect the innocent):

<Directory /path/to/my/site/cgi-bin>
  AllowOverride      AuthConfig
  AuthBasicProvider ldap
  AuthName          "Default Auth"
  AuthType          Basic
  AuthLDAPURL       "ldap://aa.bb.cc.dd/ou=people,dc=myplace,dc=com,dc=au?uid?one?"
  require           valid-user
  AuthzLDAPAuthoritative off
  Options           FollowSymLinks
  Order             allow,deny
  Allow             from all
</Directory>

And here's what I have in /path/to/my/site/cgi-bin/test/.htaccess:

AuthName "Local Auth"
AuthType Basic
AuthUserFile /path/to/my/site/cgi-bin/test/.htpasswd
AuthGroupFile /dev/null
require user testme1

The .htpasswd file contains one entry - that for the 'testme1' user.

When only one of these settings is in place (and the other commented out) then 
the authentication seems to work fine. However, with both configured, neither 
set of credentials (LDAP or .htpasswd based) is accepted.

Here is the debug output from the Apache error log when both are enabled:

[Tue Nov 11 14:26:41 2008] [debug] mod_authnz_ldap.c(377): [client ww.xx.yy.zz] [18978] auth_ldap authenticate: using URL ldap://aa.bb.cc.dd/ou=people,dc=myplace,dc=com,dc=au?uid?one?
[Tue Nov 11 14:26:41 2008] [warn] [client ww.xx.yy.zz] [18978] auth_ldap authenticate: user testme1 authentication failed; URI /cgi-bin/test/printenv [User not found][No such object]
[Tue Nov 11 14:26:41 2008] [error] [client ww.xx.yy.zz] user testme1 not found: /cgi-bin/test/printenv

Here is the output when LDAP auth is used and .htaccess is disabled:

[Tue Nov 11 14:29:17 2008] [debug] mod_authnz_ldap.c(377): [client ww.xx.yy.zz] [2500] auth_ldap authenticate: using URL ldap://aa.bb.cc.dd/ou=people,dc=myplace,dc=com,dc=au?uid?one?
[Tue Nov 11 14:29:17 2008] [debug] mod_authnz_ldap.c(474): [client ww.xx.yy.zz] [2500] auth_ldap authenticate: accepting ldapguy
[Tue Nov 11 14:29:17 2008] [debug] mod_authnz_ldap.c(847): [client ww.xx.yy.zz] [2500] auth_ldap authorise: declining to authorise

There is no debug info in the apache log when the .htaccess auth is used and 
ldap is disabled.

From the first set of debugging info it appears authnz_ldap is still trying to 
do authentication checking even when the .htaccess should be overriding it.

Can anyone else repeat this problem or suggest the proper configuration to 
make it work?

Thanks,
Admin
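
The first log excerpt shows mod_authnz_ldap handling the request for /cgi-bin/test/printenv even though the .htaccess there names an AuthUserFile. The following is an added example, not part of the original message: a Python check that merges the two posted scopes and reports when an AuthUserFile can never be consulted. The merge model (innermost value wins, unset directives are inherited) is a simplifying assumption, and the function names are hypothetical.

```python
# Added example: simplified model of per-directory auth merging in Apache 2.2.
# Assumption: a directive set in a deeper scope replaces the parent's value and
# anything the deeper scope omits is inherited. This is not Apache's merge code.

# Constructed from the two configuration snippets in the message above.
DIRECTORY_CONF = """
AuthBasicProvider ldap
AuthName          "Default Auth"
AuthType          Basic
AuthLDAPURL       "ldap://aa.bb.cc.dd/ou=people,dc=myplace,dc=com,dc=au?uid?one?"
require           valid-user
"""
HTACCESS = """
AuthName "Local Auth"
AuthType Basic
AuthUserFile /path/to/my/site/cgi-bin/test/.htpasswd
require user testme1
"""


def parse(text):
    """Return {lowercased directive name: argument string} for one scope."""
    scope = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            scope[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return scope


def effective(*scopes):
    """Merge scopes from outermost to innermost; later scopes win."""
    merged = {}
    for text in scopes:
        merged.update(parse(text))
    return merged


def lint(conf):
    """Flag an AuthUserFile that the effective provider list never reads."""
    # mod_auth_basic falls back to the "file" provider when none is configured.
    providers = conf.get("authbasicprovider", "file").lower().split()
    if "authuserfile" in conf and "file" not in providers:
        return ["AuthUserFile %s is set, but the effective AuthBasicProvider "
                "is '%s'" % (conf["authuserfile"], " ".join(providers))]
    return []


if __name__ == "__main__":
    for finding in lint(effective(DIRECTORY_CONF, HTACCESS)):
        print(finding)
```

Appending `AuthBasicProvider file` to the .htaccess text makes `lint` return an empty list, because the subdirectory then names its own provider instead of inheriting `ldap`.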
