httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Adolph <Tobias.Ado...@lrz.de>
Subject Re: [users@httpd] require valid-user with ldap
Date Thu, 27 Nov 2014 07:42:07 GMT
Hi,

do you have an other authorization modules (like mod_shib for 
shibboleth-authentication)?

We had an issue concerning require valid-user, too. I guess that if 
several authorization handlers are active "require valid-user" 
directives asks each of them for approval. At least mod_shib shows this 
behaviour. The fact that if you give the specific user (which determines 
the specific authorization authority) or a require-directive specific to 
an authorization module supports this assumption.

Hope this helps.

Kind regards
Tobias

Am 24.11.2014 um 12:13 schrieb Marc Patermann:
> Hi,
>
> I using the following .htaccess
>
> AuthBasicProvider ldap file
> AuthType Basic
> AuthzLDAPAuthoritative off
> Authname "..."
> AuthUserFile /srv/www/.htusers-mf
> AuthLDAPURL 
> "ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=*@ofd-*.foo.de)"
> <Limit PROPFIND OPTIONS GET>
>  #Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de
>  #Require user k1-st-01
>  Require valid-user
> </Limit>
> ...
>
> The "require valid-user" does not work for ldap users. I get the 
> following message in error_log:
>
> /var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client 
> 10.49.64.85] access to /documents/ failed, reason: user 'user@foo.de' 
> does not meet 'require'ments for user/valid-user to be allowed access
>
> Apache is version 2.2.10
>
> If I set it to "require ldap-user user@foo.de" or "require ldap-group 
> ..." it is all fine, so the ldap part does it's thing.
>
>
> Marc
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

-- 
###############################
# Tobias Adolph		      #		
# Leibniz-Rechenzentrum	      #
# Zimmer I.2.019	      #
# Boltzmannstraße 1           #	
# 85748 Garching bei München  #	
###############################


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message