httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wulf Kaiser <wulf.kai...@mpimf-heidelberg.mpg.de>
Subject [users@httpd] mod_authnz_ldap not working?
Date Fri, 09 Jan 2009 09:29:02 GMT
Dear fellow indians,

a happy new year!

Recently i compiled httpd-2.2.11 on my 4 Servers (SPARC Solaris 10). 
Everything went fine, without hazzles or errors. For mod_ldap and 
mod_authnz_ldap, i compiled against the OpenLDAP 2.3.39 Libraries. The 
following DSO's are loaded:

LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule dav_module modules/mod_dav.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module        modules/libphp5.so
LoadModule perl_module modules/mod_perl.so

Then, i had to secure a subdirectory of our download area (restrict 
access to the members of a certain group only). Here's what i added to 
httpd.conf (directly below the DocumentRoot directive):

<AuthnProviderAlias ldap group1-access>
     AuthLDAPURL 
ldap://ldap.mydomain.de:389/ou=people,dc=mydomain,dc=de?uid?sub?(objectClass=*)
</AuthnProviderAlias>

<Directory /etc/misc/downloads//disk_install>
     AuthType Basic
     AuthName "Download Area - Disk Images"
     AuthBasicProvider group1-access
     AuthLDAPGroupAttribute memberUid
     AuthLDAPGroupAttribute uniqueMember
     AuthLDAPGroupAttribute member
     Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de
     Deny from all
     Satisfy any
</Directory>

And - it's not working; everyone still has access to the directory. No 
Browser error's, no httpd_error.log entries, and - most curious - i 
don't see *any* requests concerning this from the web server in the LDAP 
Server Logfiles. It seems as mod_authnz_ldap would just not be loaded...

The LDAP Server is Sun Directory Server on a remote machine.

Funnily enough, my PHP-based Web forms can query LDAP - same source, 
same destination.

Querying LDAP from the commandline of thet machine also works.

Any ideas (and help) would be very, very appreciated ;-))

-- 
Best,

Wulf Kaiser
___________________________

IT Services - Web & Database Development
Webmaster www.mpimf-heidelberg.mpg.de

Max-Planck-Institut für medizinische Forschung
Jahnstrasse 29 - 69120 Heidelberg
Fon +49 6221 486560    Fax +49 6221 486561

SHA1 Fingerprint:
6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17


Mime
View raw message