httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Skarpeteig <jon.skarpet...@gmail.com>
Subject [users@httpd] mog_authnz_ldap and AD
Date Wed, 17 Jun 2009 07:48:38 GMT
I use the following .htaccess file:

# Authentication realm and method:
AuthType Basic
AuthBasicProvider ldap
AuthName "Intranet"

# DN of Active Directory server
AuthLDAPUrl ldap://asdf:1234/DC=eu?sAMAccountName?sub?(objectClass=*)

# An account in the AD that has enough permissions to perform an LDAP search
AuthLDAPBindDN "CN=Testuser,DC=eu"
AuthLDAPBindPassword asdf

# When checking for group membership, use the DN of the user, not the HTTP entry
AuthLDAPGroupAttributeIsDN on

# Require groups, specifying the DN of the security group
require ldap-group CN=Access,DC=eu


# So far so good, all users inside group "Access" can now log in.
Users that are members of groups added to "Access" can not log in

# Want to add support for nested groups by the following directive
from http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html#reqgroup

AuthLDAPMaxSubGroupDepth 20


This gives med Internal Server Error, with the following error_log entry:

 Invalid command 'AuthLDAPMaxSubGroupDepth', perhaps misspelled or
defined by a module not included in the server configuration

Running Apache 2.2

LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so


What am I doing wrong?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message