Maybe something has changed in the ldap and/or authentication/authorization modules but the effect is same on apache 2.2.22 and 2.4.18 -> I'm not getting the basic authentication pop-up any more and the site access is unprotected.
I have the following config enabled:
<IfModule mod_ldap.c>
<AuthnProviderAlias ldap ldap1>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://
ldap1.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
AuthLDAPBindPassword password
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://
ldap2.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
AuthLDAPBindPassword password
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
</IfModule>
and referenced in the default virtual host as:
<IfModule mod_ldap.c>
AuthBasicProvider ldap1 ldap2
AuthType Basic
AuthName "Secure access"
Require ldap-group "cn=mygroup,ou=Groups,dc=domain,dc=com"
Require valid-user
Satisfy all
</IfModule>
Even with debugging enabled all I can see in the logs is:
[Fri Apr 06 02:26:21.260285 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client
210.10.195.106:37535] AH01626: authorization result of Require all granted: granted
[Fri Apr 06 02:26:21.260367 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client
210.10.195.106:37535] AH01626: authorization result of <RequireAny>: granted
It's like the whole LDAP thing is just being ignored. I can also confirm in the LDAP server side logs the Apache server never even tries making a connection.
