httpd-users mailing list archives

From Wulf Kaiser <>
Subject [users@httpd] mod_authnz_ldap not working?
Date Fri, 09 Jan 2009 09:29:02 GMT
Dear fellow indians,

a happy new year!

Recently I compiled httpd-2.2.11 on my 4 servers (SPARC Solaris 10).
Everything went fine, without hassles or errors. For mod_ldap and
mod_authnz_ldap, I compiled against the OpenLDAP 2.3.39 libraries. The
following DSOs are loaded:

LoadModule authn_alias_module modules/
LoadModule authz_owner_module modules/
LoadModule authnz_ldap_module modules/
LoadModule auth_basic_module modules/
LoadModule auth_digest_module modules/
LoadModule ldap_module modules/
LoadModule version_module modules/
LoadModule ssl_module modules/
LoadModule dav_module modules/
LoadModule cgi_module modules/
LoadModule dav_fs_module modules/
LoadModule dav_lock_module modules/
LoadModule vhost_alias_module modules/
LoadModule rewrite_module modules/
LoadModule php5_module        modules/
LoadModule perl_module modules/

Then, I had to secure a subdirectory of our download area (restrict
access to the members of a certain group only). Here's what I added to
httpd.conf (directly below the DocumentRoot directive):

<AuthnProviderAlias ldap group1-access>

<Directory /etc/misc/downloads//disk_install>
     AuthType Basic
     AuthName "Download Area - Disk Images"
     AuthBasicProvider group1-access
     AuthLDAPGroupAttribute memberUid
     AuthLDAPGroupAttribute uniqueMember
     AuthLDAPGroupAttribute member
     Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de
     Deny from all
     Satisfy any

And - it's not working; everyone still has access to the directory. No
browser errors, no httpd_error.log entries, and - most curious - I
don't see *any* requests concerning this from the web server in the LDAP
server logfiles. It seems as if mod_authnz_ldap were just not loaded...

The LDAP Server is Sun Directory Server on a remote machine.

Funnily enough, my PHP-based Web forms can query LDAP - same source, 
same destination.

Querying LDAP from the command line of that machine also works.

Any ideas (and help) would be very, very appreciated ;-))


Wulf Kaiser

IT Services - Web & Database Development

Max-Planck-Institut für medizinische Forschung
Jahnstrasse 29 - 69120 Heidelberg
Fon +49 6221 486560    Fax +49 6221 486561

SHA1 Fingerprint:
6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17
