httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eduardo Mayoral <emayo...@arsys.es>
Subject Re: [users@httpd] Assistance with file + ldap auth config moving from httpd 2.2 to 2.4
Date Mon, 16 Oct 2017 08:16:23 GMT
Thanks to everybody for their support. With trace8 loglevel I saw the
problem was with the Active directory group membership. I reverted to
what I was using in apache 2.2 for that part:

Require ldap-filter memberOf:1.2.840.113556.1.4.1941:=cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es

Also, I removed AuthBasicAuthoritative off because it caused non-existent users to produce
a 500 error instead of a 401.

Again, thank you very much for the help!

Eduardo Mayoral Jimeno (emayoral@arsys.es)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153

On 13/10/17 18:10, Eric Covener wrote:
> Can you crank up the loglevel to trace8? I believe there are some
> spurious error messages when authz modules are reporting their
> individual results vs. getting rolled up to RequireAny.
>
> On Fri, Oct 13, 2017 at 11:46 AM, Eduardo Mayoral <emayoral@arsys.es> wrote:
>> Hi, Eric,
>>
>>     Thanks for your fast answer. The reason for the provider aliases is
>> that once I get this config working I would like to re-use it for about
>> 6 different directories.
>>
>>     However, I have tried to flatten the configuration according to your
>> suggestion. I repeated the tests, exact same result. Flattened config
>> follows:
>>
>>       AuthType Basic
>>       AuthName "Xymon user"
>>
>>       AuthBasicProvider file ldap
>>       AuthBasicAuthoritative off
>>
>>       AuthLDAPURL "ldap://REDACTED:3268
>> REDACTED:3268/DC=arsyslan,DC=es?sAMAccountName?sub?(objectClass=*)" NONE
>>       AuthLDAPBindDN "REDACTED@arsyslan.es"
>>       AuthLDAPBindPassword "REDACTED"
>>       AuthLDAPGroupAttributeIsDN on
>>       AuthLDAPGroupAttribute member
>>       AuthLDAPMaxSubGroupDepth 3
>>
>>       AuthUserFile /etc/xymon/xymonusers.htpasswd
>>       AuthGroupFile /etc/xymon/xymongroups.htpasswd
>>
>>
>>       <RequireAny>
>>         Require group XymonUsers
>>         Require ldap-group
>> cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
>>       </RequireAny>
>>
>>
>> Eduardo Mayoral Jimeno (emayoral@arsys.es)
>> Administrador de sistemas. Departamento de Plataformas. Arsys internet.
>> +34 941 620 145 ext. 5153
>>
>> On 13/10/17 16:47, Eric Covener wrote:
>>> On Fri, Oct 13, 2017 at 10:06 AM, Eduardo Mayoral <emayoral@arsys.es> wrote:
>>>> Hi,
>>>>
>>>>     I am trying to move a web application from httpd 2.2 to httpd 2.4 ,
>>> I don't think all of those provider-aliases are necessary. Did you a
>>> try a more simpler/direct port of the config?
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message