-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Marc, On 11/27/14 2:42 AM, Tobias Adolph wrote: > do you have an other authorization modules (like mod_shib for > shibboleth-authentication)? > > We had an issue concerning require valid-user, too. I guess that if > several authorization handlers are active "require valid-user" > directives asks each of them for approval. At least mod_shib shows > this behaviour. The fact that if you give the specific user (which > determines the specific authorization authority) or a > require-directive specific to an authorization module supports > this assumption. I have LDAP working without file-based fallback, but I'm using "Require ldap-group" instead of "Require [somethingelse]". Our configuration is so old I can't remember if I actually fought httpd's configuration and settled for ldap-group or if I just never tried anything else (like Require valid-user). - -chris > Am 24.11.2014 um 12:13 schrieb Marc Patermann: >> Hi, >> >> I using the following .htaccess >> >> AuthBasicProvider ldap file AuthType Basic >> AuthzLDAPAuthoritative off Authname "..." AuthUserFile >> /srv/www/.htusers-mf AuthLDAPURL >> "ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=*@ofd-*.foo.de)" >> >> <Limit >> PROPFIND OPTIONS GET> >> #Require ldap-group >> ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de #Require user >> k1-st-01 Require valid-user </Limit> ... >> >> The "require valid-user" does not work for ldap users. I get the >> following message in error_log: >> >> /var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] >> [client 10.49.64.85] access to /documents/ failed, reason: user >> 'user@xxxxxx' does not meet 'require'ments for user/valid-user >> to be allowed access >> >> Apache is version 2.2.10 >> >> If I set it to "require ldap-user user@xxxxxx" or "require >> ldap-group ..." it is all fine, so the ldap part does it's >> thing. >> >> >> Marc >> >> --------------------------------------------------------------------- >> >> To >> unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUdysVAAoJEBzwKT+lPKRYC3sQAJlnnU7z1KK4i1UaaBNGO16k iNleVv8OXNg5OZo04/O8ZNtF9OBXIWiqqsN8hP4Oepfcvs1e2JgZpshHUN9KUkUS o+8FwbAIpbgFPgFZkd7XsEb4aZAZQEW0OAylbIb8ur0C4/Q3bEOazf/a3BUJB6x8 00OVSQBzN46/o9PReYh7mB0sOXCMVHZbZy3LJ2iOJvWJonm6iGuPwifT7JdakVYr yZP1zbuR86GPhTd6IjoV3qxS0+gMThu5ziIJ1IkGbUpkekBxrOt0Ra0bmN3NNHxU SJdsa4FCMergjUvlfDWqgPwBC0atD9nU6lEOS11+uvloHQofd7Y3CNu7q6m5c+S6 xnweNUMEctBhQpQgNzuMgByHB8j6/lqQjezOt6aZ/dhGVWQZ3h6Eeo0bA73B0sLp AXh31udkfj4QLrSJGNXSOOfQqZ8jLxvmaAmXvDXovUVPkD8+WbAojOSTGgUAyX4W QoaC/UPE8FTuVheFzYI3CZDwuk7o6Pa1b9ojPF6vheC9xCp4U8FED7KCp0PnnOpm h58Wn6Tie7CPF8xzleGAF1axRBEJZDTq0IDoCnihCxyaT+AlFU6XAcv+WHf5bLFC H8lwg1luY6wgslyIUfhM5LsFeuU9RPYJfsTyZrR+iEEuq7u+rESQrXctXTsCSVKT mSaQ2dYgw+r8AASOYR3O =Vj2e -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|