Re: Apache 2.4: Users authentication in Active Directory

On 22/05/2018 at 21:53, Christophe Jaillet wrote:
On 22/05/2018 at 14:14, aguayo33 wrote:
  Hi!
Thanks in advance!
  I need help with Apache configuration to enable login through Active Directory. I want to allow login if a user is a member of a group contained in another group.
  Now I have this:
     Alias /nagios /opt/nagios/share
     <Directory "/opt/nagios/share">
     Options ExecCGI
     AllowOverride None
     Order allow,deny
     Allow from all
     AuthType Basic
     AuthName "Acceso restringido"
     AuthBasicProvider ldap
     AuthLDAPURL "ldap://server/DC=domain,DC=red?sAMAccountName?sub?(objectClass=*)"
     AuthLDAPBindDN user@xxxxxxxxxx
     AuthLDAPBindPassword "xxxxxx"
     Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red
     </Directory>

  And I can't log in. If I put: require valid-user, it goes well.

    [Mon May 21 13:36:05.060787 2018] [authnz_ldap:debug] [pid 9315]
mod_authnz_ldap.c(966): [client 10.10.10.10:51069] AH01716: auth_ldap
authorise: require group "CN=NAGIOS_EXP,OU=Groups,OU=Administracion
Autonomica,OU=<domain>,DC=domain,DC=red": failed [Comparison
complete][34 - Invalid DN syntax], checking sub-groups
     [Mon May 21 13:36:05.062229 2018] [authnz_ldap:debug] [pid 9315]
mod_authnz_ldap.c(989): [client 10.10.10.10:51069] AH01718: auth_ldap
authorise: require group (sub-group)
"CN=NAGIOS_EXP,OU=Groups,OU=Administracion
Autonomica,OU=<domain>,DC=domain,DC=red": didn't match with attr DN
failed group verification. [member][34 - Invalid DN syntax]
     [Mon May 21 13:36:05.062250 2018] [authnz_ldap:debug] [pid 9315]
mod_authnz_ldap.c(966): [client 10.10.10.10:51069] AH01716: auth_ldap
authorise: require group "CN=NAGIOS_EXP,OU=Groups,OU=Administracion
Autonomica,OU=<domain>,DC=domain,DC=red": failed [DN failed group
verification.][34 - Invalid DN syntax], checking sub-groups
     [Mon May 21 13:36:05.063471 2018] [authnz_ldap:debug] [pid 9315]
mod_authnz_ldap.c(989): [client 10.10.10.10:51069] AH01718: auth_ldap
authorise: require group (sub-group)
"CN=NAGIOS_EXP,OU=Groups,OU=Administracion
Autonomica,OU=<domain>,DC=domain,DC=red": didn't match with attr DN
failed group verification. [uniqueMember][34 - Invalid DN syntax]
     [Mon May 21 13:36:05.063481 2018] [authnz_ldap:debug] [pid 9315]
mod_authnz_ldap.c(996): [client 10.10.10.10:51069] AH01720: auth_ldap
authorize group: authorization denied for user ext-agumarjo to
/nagios/
     [Mon May 21 13:36:05.063486 2018] [authz_core:debug] [pid 9315]
mod_authz_core.c(809): [client 10.10.10.10:51069] AH01626:
authorization result of Require ldap-group
CN=NAGIOS_EXP,OU=Groups,OU=Administracion
Autonomica,OU=<domain>,DC=domain,DC=red: denied
     [Mon May 21 13:36:05.063489 2018] [authz_core:debug] [pid 9315]
mod_authz_core.c(809): [client 10.10.10.10:51069] AH01626:
authorization result of <RequireAny>: denied
     [Mon May 21 13:36:05.063492 2018] [authz_core:error] [pid 9315]
[client 10.10.10.10:51069] AH01631: user ext-agumarjo: authorization
failure for "/nagios/":

  What am I doing wrong?
  THANKS!


Hi,

just my 2c as I'm not an LDAP user, but "OU=<domain>" looks spurious, because of the '<' and '>'.
Is it intended?

CJ

Also, even if unrelated to your question, you should have a look at the note at the top of https://httpd.apache.org/docs/2.4/en/mod/mod_access_compat.html

In your example "Order allow,deny" and "Allow from all" should not be needed.

CJ
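
Added example, not part of the thread or of Apache's code: the debug log above reports LDAP result 34 (Invalid DN syntax), and RFC 4514 requires '<' and '>' inside an attribute value to be backslash-escaped, so an OU=<domain> component would be rejected if those characters are literally in the configuration. The Python check below flags such characters in Require ldap-group DNs and goes slightly beyond the thread's one DN by also handling escaped separators and multi-valued RDNs; the function names and the OU name "Example" are made up for illustration.

```python
import re

# RFC 4514 specials that must be backslash-escaped in a value (',' and '+' are split below).
FORBIDDEN = set('";<>')
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*")

def split_unescaped(text, sep):
    """Split on sep, keeping backslash escape pairs intact."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def dn_problems(dn):
    """Return RFC 4514 string-syntax problems found in dn (empty list if none)."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")
            if not eq or not ATTR_RE.fullmatch(attr.strip()):
                problems.append(f"{ava!r}: not in type=value form")
            bad = sorted(set(re.sub(r"\\.", "", value)) & FORBIDDEN)  # skip escaped pairs
            if bad:
                problems.append(f"{ava!r}: unescaped {' '.join(bad)}")
    return problems

def check_require_lines(config):
    """Map each 'Require ldap-group' DN in an Apache config to its problems."""
    dns = re.findall(r"^\s*Require\s+ldap-group\s+(.+?)\s*$", config, re.I | re.M)
    return {dn: dn_problems(dn) for dn in dns}

# Constructed sample: the DN as posted in the thread, then the same DN with a
# made-up OU name ("Example") in place of the bracketed component.
SAMPLE = """\
Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red
Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=Example,DC=domain,DC=red
"""

if __name__ == "__main__":
    for dn, probs in check_require_lines(SAMPLE).items():
        print("BAD" if probs else "OK ", dn, probs)
```

Running it against a real configuration only checks the DN string syntax; whether the group exists in the directory still has to be confirmed with an LDAP search.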
