Re: Assistance with file + ldap auth config moving from httpd 2.2 to 2.4


 



Eduardo,

It looks like you're trying to get it working with Xymon so you might want to ask on that list as well.  I had a heck of a time getting it to work but I ended up using mod_authnz_external.c to configure it to use PAM.  This is the config I use:

    <IfModule mod_authnz_external.c>
        # Require SSL connection for password protection.
        SSLRequireSSL

        AuthBasicProvider external file
        AuthExternal pwauth
        AuthGroupFile /etc/xymon/xymongroups
        GroupExternal unixgroup
        <RequireAll>
            # "valid-user" restricts access to anyone who is logged in.
            Require valid-user
   
            # "group xymon" restricts access to users who have logged in, AND
            # are members of the "xymon" group in xymongroups.
            Require group xymon
        </RequireAll>
    </IfModule>

While not exactly what you're doing, I hope this helps nudge you in the right direction.

=G=

On Fri, Oct 13, 2017 at 12:10 PM, Eric Covener <covener@xxxxxxxxx> wrote:
Can you crank up the loglevel to trace8? I believe there are some
spurious error messages when authz modules are reporting their
individual results vs. getting rolled up to RequireAny.

On Fri, Oct 13, 2017 at 11:46 AM, Eduardo Mayoral <emayoral@xxxxxxxx> wrote:
> Hi, Eric,
>
>     Thanks for your fast answer. The reason for the provider aliases is
> that once I get this config working I would like to re-use it for about
> 6 different directories.
>
>     However, I have tried to flatten the configuration according to your
> suggestion. I repeated the tests, exact same result. Flattened config
> follows:
>
>       AuthType Basic
>       AuthName "Xymon user"
>
>       AuthBasicProvider file ldap
>       AuthBasicAuthoritative off
>
>       AuthLDAPURL "ldap://REDACTED:3268 REDACTED:3268/DC=arsyslan,DC=es?sAMAccountName?sub?(objectClass=*)" NONE
>       AuthLDAPBindDN "REDACTED@xxxxxxxxxxx"
>       AuthLDAPBindPassword "REDACTED"
>       AuthLDAPGroupAttributeIsDN on
>       AuthLDAPGroupAttribute member
>       AuthLDAPMaxSubGroupDepth 3
>
>       AuthUserFile /etc/xymon/xymonusers.htpasswd
>       AuthGroupFile /etc/xymon/xymongroups.htpasswd
>
>
>       <RequireAny>
>         Require group XymonUsers
>         Require ldap-group cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
>       </RequireAny>
>
>
> Eduardo Mayoral Jimeno (emayoral@xxxxxxxx)
> Administrador de sistemas. Departamento de Plataformas. Arsys internet.
> +34 941 620 145 ext. 5153
>
> On 13/10/17 16:47, Eric Covener wrote:
>> On Fri, Oct 13, 2017 at 10:06 AM, Eduardo Mayoral <emayoral@xxxxxxxx> wrote:
>>> Hi,
>>>
>>>     I am trying to move a web application from httpd 2.2 to httpd 2.4 ,
>> I don't think all of those provider-aliases are necessary. Did you
>> try a simpler/more direct port of the config?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>



--
Eric Covener
covener@xxxxxxxxx
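
The distinction raised in this thread between each authz module's individual result and the rolled-up `<RequireAny>` verdict, as an added example that is not part of the original messages: a small parser that groups per-`Require` results under the container line that follows them. The log lines are constructed, and the `AH01626: authorization result of ...` format is an assumption modelled on mod_authz_core's debug-level output.

```python
import re

# Constructed sample lines (not from the thread); message format assumed
# from mod_authz_core's debug-level "authorization result of" entries.
P = "[Fri Oct 13 17:02:11 2017] [authz_core:debug] [pid 4121] mod_authz_core.c(809): "
DN = "cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es"
SAMPLE_LOG = "\n".join(P + s for s in [
    "[client 192.0.2.10:51544] AH01626: authorization result of Require group XymonUsers: denied (no authenticated user yet)",
    "[client 192.0.2.10:51544] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)",
    "[client 192.0.2.10:51544] AH01626: authorization result of Require group XymonUsers: denied",
    "[client 192.0.2.10:51544] AH01626: authorization result of Require ldap-group " + DN + ": granted",
    "[client 192.0.2.10:51544] AH01626: authorization result of <RequireAny>: granted",
    "[client 192.0.2.44:40210] AH01626: authorization result of Require group XymonUsers: denied",
    "[client 192.0.2.44:40210] AH01626: authorization result of Require ldap-group " + DN + ": denied",
    "[client 192.0.2.44:40210] AH01626: authorization result of <RequireAny>: denied",
])

LINE = re.compile(
    r"\[client (?P<client>[^\]]+)\] AH01626: authorization result of "
    r"(?P<rule>.+?)\s*: (?P<result>granted|neutral|denied.*)$")

def rollup(log_text):
    """Attach each per-Require result to the container verdict that follows it."""
    pending, decisions = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        client, rule, result = m["client"], m["rule"], m["result"]
        if rule.startswith("<Require"):   # container line closes one evaluation pass
            decisions.append({"client": client, "container": rule,
                              "verdict": result, "leaves": pending.pop(client, [])})
        else:
            pending.setdefault(client, []).append((rule, result))
    return decisions

def noise(decisions):
    """Per-module denials that are harmless because the container still granted."""
    return [(d["client"], rule) for d in decisions if d["verdict"] == "granted"
            for rule, res in d["leaves"] if res.startswith("denied")]

def real_denials(decisions):
    """Clients refused by the container after authentication had completed."""
    return [d["client"] for d in decisions if d["verdict"] == "denied"]

if __name__ == "__main__":
    ds = rollup(SAMPLE_LOG)
    print("noise:", noise(ds))
    print("real denials:", real_denials(ds))
```

Only the container verdict decides access; the "no authenticated user yet" pass and the file-group denial for an LDAP user are expected and can be ignored during triage.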



