httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] mod_auth_kerb and mod_authnz_ldap
Date Sat, 06 Dec 2008 15:05:27 GMT
On Sat, Dec 6, 2008 at 1:51 AM, Jesper Krogh <jesper.krogh@gmail.com> wrote:
> On Fri, Dec 5, 2008 at 11:48 PM, Eric Covener <covener@gmail.com> wrote:
>> On 12/5/08, Jesper Krogh <jesper.krogh@gmail.com> wrote:
>>
>>>                 Require ldap-group CN=TestGroup,OU=Groups,OU=Company
>>>                 require valid-user
>>
>> Require directives are OR'ed not AND'ed, despite the way "require" sounds.
>
> Removing the "require valid-user" from the configurataion changes the
> error message to:
> [Sat Dec 06 07:49:26 2008] [debug] mod_authnz_ldap.c(852): [client
> 10.194.134.5] [22264] auth_ldap authorise: authorisation denied
>
> But It still lets people in instead of sending a 401 page.

Weird on a few fronts, are you sure this log entry corresponds to the 200?

1)  "AuthzLDAPAuthoritative off" means you should see "declining to
authorise" instead of "authorization denied"
2) Once you see this message, i don't think any other module would be
have a chance to flip it to a 200

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message