With a lot of searching I found the correct syntax is:

AuthLDAPUrl "ldaps://evregistryprda.cyber.example.com.cyber.example.com:1636 chregistryprda.cyber.example.com.cyber.example.com:1636 evregistryprdb.cyber.example.com.cyber.example.com:1636 chregistryprdb.cyber.example.com.cyber.example.com:1636/dc=example,dc=com?uid?sub?(objectclass=*)"

Darryl Baker, GSEC (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL 60201-3715
darryl.baker@xxxxxxxxxxxxxxxx
(847) 467-6674

On 8/26/20, 2:24 PM, "Darryl Philip Baker" <darryl.baker@xxxxxxxxxxxxxxxx> wrote:

I have been experimenting and I can get the AuthLDAPURL line to work if I have only one host:port listed. 2 or more fails. Has anyone gotten multiple host:port entries in the AuthLDAPURL argument list?

The documentation says:

host:port
    The name/port of the ldap server (defaults to localhost:389 for ldap, and localhost:636 for ldaps). To specify multiple, redundant LDAP servers, just list all servers, separated by spaces. mod_authnz_ldap will try connecting to each server in turn, until it makes a successful connection. If multiple ldap servers are specified, then entire LDAP URL must be encapsulated in double quotes.

On 8/26/20, 10:39 AM, "Darryl Philip Baker" <darryl.baker@xxxxxxxxxxxxxxxx> wrote:

All I get is:

AH00526: Syntax error on line 131 of /opt/rh/httpd24/root/etc/httpd/conf.d/ldapdir.conf: Bad LDAP URL while parsing.

On 8/26/20, 10:36 AM, "Eric Covener" <covener@xxxxxxxxx> wrote:

On Wed, Aug 26, 2020 at 11:34 AM Darryl Philip Baker <darryl.baker@xxxxxxxxxxxxxxxx> wrote:
>
> I am trying to port a configuration from Apache 2.2 to Apache 2.4 that is used for LDAP authentication, but I have little knowledge of LDAP. I can translate “Order deny,allow” and “Deny from All”. I have found that “AuthzLDAPAuthoritative off” has been removed from Apache 2.4. I am getting a syntax error on the AuthLDAPUrl line. From one of the examples I found, do I need to change from a Directory block to a Location block?
>
> Here is what the stanza is in Apache 2.2
>
> <Directory "/usr/local/www/docs/it/snaps">
>     Options -Indexes +FollowSymLinks +ExecCGI +Includes
>     Order deny,allow
>     Deny from All
>     AuthName "Enter Your Netid and Password"
>     AuthType basic
>     AuthBasicProvider ldap
>     AuthzLDAPAuthoritative off
>     AuthLDAPBindDN "cn=sanitycheck, ou=Service, dc=example, dc=com"
>     AuthLDAPBindPassword "tmd+pkx"
>     AuthLDAPUrl "ldaps://evregistryprda.cyber.example.com.cyber.example.com:1636 ldaps://chregistryprda.cyber.example.com.cyber.example.com:1636 ldaps://evregistryprdb.cyber.example.com.cyber.example.com:1636 ldaps://chregistryprdb.cyber.example.com.cyber.example.com:1636/dc=example,dc=com?uid?sub?(objectclass=*)"
>     Require valid-user
>     Satisfy any
> </Directory>
>

Should be no difference. Can you share the verbatim error message you get from `apachectl -t`?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
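An added example, not part of the original thread and not Apache code: a small Python check for the two AuthLDAPUrl forms seen above. It rewrites a value that repeats the scheme on every host (the form that gave "Bad LDAP URL while parsing") into the form the thread reports working, with the scheme once and space-separated host:port entries. The function name `lint_authldapurl` and the host names in `SAMPLE` are assumptions made for illustration.

```python
import re

SCHEME = re.compile(r"^(ldaps?)://", re.IGNORECASE)

# Constructed sample: scheme repeated on each host, as in the 2.2 stanza.
SAMPLE = ('"ldaps://ldap-a.example.com:1636 ldaps://ldap-b.example.com:1636'
          '/dc=example,dc=com?uid?sub?(objectclass=*)"')


def lint_authldapurl(value):
    """Return (normalized_url, findings) for an AuthLDAPUrl argument.

    Target form: scheme once, then space-separated host:port entries,
    the last one followed by /basedn?attribute?scope?filter.
    """
    tokens = value.strip().strip('"').split()
    if not tokens or not SCHEME.match(tokens[0]):
        raise ValueError("AuthLDAPUrl must start with ldap:// or ldaps://")
    scheme = SCHEME.match(tokens[0]).group(1).lower()
    hosts, tail, findings = [], "", []
    for i, tok in enumerate(tokens):
        m = SCHEME.match(tok)
        if m:
            # One URL carries one scheme; refuse a silent ldaps/ldap mix.
            if m.group(1).lower() != scheme:
                raise ValueError(f"host {i + 1} uses a different scheme: {tok}")
            if i > 0:
                findings.append(f"host {i + 1}: scheme repeated, removed")
            tok = tok[m.end():]
        host, slash, rest = tok.partition("/")
        if not host:
            raise ValueError(f"entry {i + 1} has no host name")
        hosts.append(host)
        if slash:
            # Everything after the first "/" is base DN and query string;
            # keep any spaces it contains instead of treating them as hosts.
            tail = "/" + " ".join([rest] + tokens[i + 1:])
            break
    return f"{scheme}://{' '.join(hosts)}{tail}", findings


if __name__ == "__main__":
    fixed, notes = lint_authldapurl(SAMPLE)
    for note in notes:
        print("finding:", note)
    print(f'AuthLDAPUrl "{fixed}"')
```

Run the rewritten directive through `apachectl -t` before reloading; the script only checks the host list layout, not whether the servers or the base DN are reachable.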