Maybe something has changed in the ldap and/or authentication/authorization modules but the effect is same on apache 2.2.22 and 2.4.18 -> I'm not getting the basic authentication pop-up any more and the site access is unprotected.Hi all,I have no idea what's going on and why my setup that's been working for years suddenly stopped working so have to ask here after had done extensive debugging.
I have the following config enabled:
<IfModule mod_ldap.c>
<AuthnProviderAlias ldap ldap1>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap1.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
AuthLDAPBindPassword password
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap2.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
AuthLDAPBindPassword password
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
</IfModule>
and referenced in the default virtual host as:
<IfModule mod_ldap.c>
AuthBasicProvider ldap1 ldap2
AuthType Basic
AuthName "Secure access"
Require ldap-group "cn=mygroup,ou=Groups,dc=domain,dc=com"
Require valid-user
Satisfy all
</IfModule>Even with debugging enabled all I can see in the logs is:
[Fri Apr 06 02:26:21.260285 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of Require all granted: granted
[Fri Apr 06 02:26:21.260367 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of <RequireAny>: grantedIt's like the whole LDAP thing is just being ignored. I can also confirm in the LDAP server side logs the Apache server never even tries making a connection.What can be the problem? Any ideas?Thanks