Hi,do you have an other authorization modules (like mod_shib for shibboleth-authentication)?
We had an issue concerning require valid-user, too. I guess that if several authorization handlers are active "require valid-user" directives asks each of them for approval. At least mod_shib shows this behaviour. The fact that if you give the specific user (which determines the specific authorization authority) or a require-directive specific to an authorization module supports this assumption.
Hope this helps. Kind regards Tobias Am 24.11.2014 um 12:13 schrieb Marc Patermann:
Hi, I using the following .htaccess AuthBasicProvider ldap file AuthType Basic AuthzLDAPAuthoritative off Authname "..." AuthUserFile /srv/www/.htusers-mfAuthLDAPURL "ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=*@ofd-*.foo.de)"<Limit PROPFIND OPTIONS GET> #Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de #Require user k1-st-01 Require valid-user </Limit> ...The "require valid-user" does not work for ldap users. I get the following message in error_log:/var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client 10.49.64.85] access to /documents/ failed, reason: user 'user@xxxxxx' does not meet 'require'ments for user/valid-user to be allowed accessApache is version 2.2.10If I set it to "require ldap-user user@xxxxxx" or "require ldap-group ..." it is all fine, so the ldap part does it's thing.Marc --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- ############################### # Tobias Adolph # # Leibniz-Rechenzentrum # # Zimmer I.2.019 # # Boltzmannstraße 1 # # 85748 Garching bei München # ############################### --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|