www-infrastructure-dev mailing list archives

From Tony Stevenson <t...@pc-tony.com>
Subject Re: Looking for an LDAP mod authz example
Date Mon, 30 Jun 2014 07:20:24 GMT

On 30 Jun 2014, at 01:30, Alan D. Cabrera <adc@toolazydogs.com> wrote:

> 
> On Jun 29, 2014, at 1:25 PM, Sam Ruby <rubys@intertwingly.net> wrote:
> 
>> On Sun, Jun 29, 2014 at 3:03 PM, Alan D. Cabrera <adc@toolazydogs.com> wrote:
>>> Can someone provide an example conf file for an httpd server to restrict access to directories to only ASF committers and ASF members via LDAP?  Thanks!
>> 
>> https://svn.apache.org/repos/infra/infrastructure/trunk/machines/vms/whimsy-vm.apache.org/etc/apache2/sites-available/whimsy.apache.org
>> 
>> Search for "AuthName"
> 
> Perfect, thanks!
> 
> I tried to get my setup running on my laptop by replacing 
> 
> ldaps://minotaur.apache.org:636
> 
> with my tunnel:
> 
> ldaps://ldap-tunnel.apache.org:6636
> 

I presume you have this in the local hosts file, and that it is in fact an SSH forwarded port?


> and 
> 
> LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/asf-ldap-client.pem
> <LocationMatch ^/ezmlm/v1/asf>
>        Order allow,deny
>        Allow from all
>        AuthType Basic
>        AuthBasicProvider ldap
>        AuthName "ASF Members"
>        AuthLDAPURL "ldaps://ldap-tunnel.apache.org:6636/ou=people,dc=apache,dc=org?uid"
>        AuthLDAPGroupAttribute memberUid
>        AuthLDAPGroupAttributeIsDN off
>        AuthLDAPBindAuthoritative off
>        LDAPReferrals Off
> 
>        Require ldap-group cn=member,ou=groups,dc=apache,dc=org
> </LocationMatch>
> 
> and I can't seem to log in:
> 
> [Sun Jun 29 16:43:29.512348 2014] [auth_basic:error] [pid 23730:tid 4396036096] [client ::1:50036] AH01618: user adc not found: /ezmlm/v1/asf/lists/dev@mrql.apache.org/moderators
> 
> Has anyone else been able to get "local" setups to work?

Yes, I use it every day for modifying LDAP. 

First of all, can you use the simple ldap command line tools, such as ldapsearch?  Have you
got the correct perms on the LDAP Cert?  If you get the command line stuff sorted httpd should
just fall into place. 
Though, if you have never set up LDAP connections before, while it is not terribly difficult,
perhaps you should test your configs on your ASF VM first, then once you have a known working
setup there you can transfer it to your local setup to prove you can get local access working.
> 
> 
> Regards,
> Alan
> 


Cheers,
Tony

----------------------------------
Tony Stevenson

tony@pc-tony.com
pctony@apache.org

http://www.pc-tony.com

GPG - 1024D/51047D66
----------------------------------
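Tony's advice above, to prove out the LDAP side with the command-line tools before involving httpd, as a small script. This is an added example, not part of the thread or of any ASF configuration; it assumes OpenLDAP's ldapsearch (which takes its CA file from the LDAPTLS_CACERT variable) and reuses the host, base DN, group DN, certificate path and user name from Alan's quoted config and log line.

```shell
# Added example: derive, from the AuthLDAPURL and Require ldap-group lines,
# the ldapsearch calls that mirror what mod_authnz_ldap does. Assumes
# OpenLDAP's ldapsearch, which reads the CA file from LDAPTLS_CACERT.

# parse_authldapurl URL: split scheme://host:port/basedn?attr[?scope?filter]
# into LDAP_URI, LDAP_BASE and LDAP_ATTR. The attribute defaults to uid,
# as it does in mod_authnz_ldap when the URL carries no "?attr" part.
parse_authldapurl() {
    rest=${1#*://}
    hostport=${rest%%/*}
    case $rest in */*) path=${rest#*/} ;; *) path= ;; esac
    LDAP_URI="${1%%://*}://$hostport"
    LDAP_BASE=${path%%\?*}
    case $path in
        *\?*) LDAP_ATTR=${path#*\?}; LDAP_ATTR=${LDAP_ATTR%%\?*} ;;
        *)    LDAP_ATTR=uid ;;
    esac
}

# user_search_cmd URL USER CACERT: the user lookup httpd performs first
# (anonymous simple bind, subtree scope). If this returns no entry, httpd
# logs AH01618 "user ... not found" before any group check happens.
user_search_cmd() {
    parse_authldapurl "$1"
    printf "LDAPTLS_CACERT=%s ldapsearch -x -H %s -b '%s' -s sub '(%s=%s)' dn\n" \
        "$3" "$LDAP_URI" "$LDAP_BASE" "$LDAP_ATTR" "$2"
}

# group_check_cmd URL GROUPDN USER CACERT: the equivalent of
# "Require ldap-group GROUPDN" with AuthLDAPGroupAttribute memberUid and
# AuthLDAPGroupAttributeIsDN off, i.e. is USER listed as a memberUid value.
group_check_cmd() {
    parse_authldapurl "$1"
    printf "LDAPTLS_CACERT=%s ldapsearch -x -H %s -b '%s' -s base '(memberUid=%s)' dn\n" \
        "$4" "$LDAP_URI" "$2" "$3"
}

# check_cacert FILE: LDAPTrustedGlobalCert CA_BASE64 needs a PEM file that the
# httpd worker user can read; run this as that user (e.g. with sudo -u).
check_cacert() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Values from the quoted config; the user name is the one in the log line.
URL='ldaps://ldap-tunnel.apache.org:6636/ou=people,dc=apache,dc=org?uid'
CA=/etc/openldap/asf-ldap-client.pem
user_search_cmd "$URL" adc "$CA"
group_check_cmd "$URL" 'cn=member,ou=groups,dc=apache,dc=org' adc "$CA"
check_cacert "$CA" || echo "CA file $CA is not a readable PEM for $(id -un)"
```

Run the printed commands as the user httpd runs under; the first must return the uid entry, the second the group DN, or httpd has nothing to work with.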