httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars <sunb...@gmail.com>
Subject Re: [users@httpd] mod_authnz_ldap not working?
Date Fri, 09 Jan 2009 14:03:04 GMT
Hi

I have just gone trough the process of setting up ldapz. Here is my
working configuration, maybe you can use some of it... ?
I have used it in an .htaccess file, but it should not be much difference.
Note: This is for microsoft AD, so you should not need to define that
weird port..

<FilesMatch ^network>
	Order deny,allow
	Deny from All
	AuthName "Only IT"
	AuthType Basic
	AuthBasicProvider ldap
	AuthzLDAPAuthoritative off
	AuthLDAPURL "ldap://ldap:3268/OU=RR,DC=ad,DC=ourdomain,DC=com?sAMAccountName?sub?(memberOf=CN=it_dep,OU=Mailing
lists,OU=RR,DC=ad,DC=ourdomain,DC=com)"
	AuthLDAPBindDN "CN=ldapread,OU=Service users,OU=It,DC=ad,DC=ourdomain,DC=com"
	AuthLDAPBindPassword pAss_w0rd
	Require valid-user
	Satisfy any
</FilesMatch>


And offcouse you need to:
	LoadModule authz_svn_module	modules/mod_authz_svn.so
	LoadModule ldap_module		modules/mod_ldap.so


Hope this helps..

Regard
  Lars

On Fri, Jan 9, 2009 at 2:00 PM, Wulf Kaiser
<wulf.kaiser@mpimf-heidelberg.mpg.de> wrote:
> Hi Eric,
>
> <AuthnProviderAlias ldap group1-access>
>
> ldap://ldap.mydomain.de:389/ou=people,dc=mydomain,dc=de?uid?sub?(objectClass=*)
> </AuthnProviderAlias>
>
> <Location /etc/misc/downloads/disk_install>
>    AuthType Basic
>    AuthName "Download Area - Disk Images"
>    AuthBasicProvider group1-access
>    AuthLDAPGroupAttribute memberUid
>    AuthLDAPGroupAttribute uniqueMember
>    AuthLDAPGroupAttribute member
>    Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de
>    Prder allow,deny
>    Allow from all
>    Satisfy All
> </Location>
>
> with the same result: nothing & still ignoring (no log entries)
>
> Eric Covener schrieb:
>>
>> On Fri, Jan 9, 2009 at 7:35 AM, Wulf Kaiser
>> <wulf.kaiser@mpimf-heidelberg.mpg.de> wrote:
>>>
>>> Hi Eric,
>>>
>>> thanks in advance. I tried that by setting
>>>   ....
>>>   Order deny,allow
>>>   Deny from all
>>>   Satisfy any
>>> </Directory>
>>>
>>> but without result :-((
>>>
>>> I am currently tailing -f the httpd error logs in debug mode, and also
>>> the
>>> LDAP logs, but i do not get more out of them then a pain in the eye...
>>>
>>> It really seems as mod_(autnz)_ldap is simply ignored.
>>
>>
>> Any chance you're blowing this config away implicitly by a Location
>> container that matches (with e.g. allow from all?)  I would recommend
>> Satisfy All while testing.
>>
>
> --
> Grüße,
>
> Wulf Kaiser
> ___________________________
>
> IT Services - Web & Database Development
> Webmaster www.mpimf-heidelberg.mpg.de
>
> Max-Planck-Institut für medizinische Forschung
> Jahnstrasse 29 - 69120 Heidelberg
> Fon +49 6221 486560    Fax +49 6221 486561
>
> SHA1 Fingerprint:
> 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message