Apache 2.4 / Basic authentication using LDAP, 500 error occured when wrong user or password.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm using CentOS 8 Stream + Apache 2.4 + Subversion + openldap.
I want to allow access to SVN only for users who belong to a specific
LDAP group (svn-users) using basic authentication.

I have a problem.
I get a 500 Internal Server Error, when I enter wrong ID or Password
to basic authentication dialog in the browser.
In this case, basic authentication dialog doesn't reappear.
To retry input ID and Passwrod, I must restart the browser.
I expected basic authentication dialog reappar.

When 500 error occured, "AH01796: AuthType Basic configured without
corresponding module" appears in my error_log.
But auth_basic_module  is included in "httpd -t -M".

I don’t know what is wrong.
Does anyone know how to solve this error?


# config
----------------------------------------
<Location /svn/svn-test>
    DAV svn
    SVNPath /usr/local/svn/svn-test
    LogLevel debug

    AuthLDAPBindDN <MyAdmin>
    AuthLDAPBindPassword <MyAdminPassword>
    LDAPReferrals off
    AuthLDAPBindAuthoritative off
    AuthType Basic
    AuthName "Subversion repository(LDAP)"
    AuthBasicAuthoritative off
    AuthUserFile /dev/null
    AuthBasicProvider ldap
    AuthzSVNAccessFile /usr/local/svn/svn-test/authzsvn.conf
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPGroupAttribute memberUid
    AuthLDAPUrl ldap://192.168.100.110/ou=People,dc=my,dc=svn,dc=local?uid
    Require ldap-group cn=svn-users,ou=Groups,dc=my,dc=svn,dc=local
</Location>
----------------------------------------

# error_log
----------------------------------------
[Tue Jul 20 21:55:55.187406 2021] [authz_svn:info] [pid 195900:tid
140586669557504] [client 192.168.100.120:56967] Access granted: - GET
(null)
[Tue Jul 20 21:55:55.187474 2021] [authz_core:debug] [pid 195900:tid
140586669557504] mod_authz_core.c(820): [client 192.168.100.120:56967]
AH01626: authorization result of Require ldap-group
cn=svn-users,ou=Groups,dc=my,dc=svn,dc=local: denied (no authenticated
user yet)
[Tue Jul 20 21:55:55.187484 2021] [authz_core:debug] [pid 195900:tid
140586669557504] mod_authz_core.c(820): [client 192.168.100.120:56967]
AH01626: authorization result of <RequireAny>: denied (no
authenticated user yet)
[Tue Jul 20 21:55:58.763087 2021] [authz_core:debug] [pid 195900:tid
140586635986688] mod_authz_core.c(820): [client 192.168.100.120:56967]
AH01626: authorization result of Require ldap-group
cn=svn-users,ou=Groups,dc=my,dc=svn,dc=local: denied (no authenticated
user yet)
[Tue Jul 20 21:55:58.763150 2021] [authz_core:debug] [pid 195900:tid
140586635986688] mod_authz_core.c(820): [client 192.168.100.120:56967]
AH01626: authorization result of <RequireAny>: denied (no
authenticated user yet)
[Tue Jul 20 21:55:58.763159 2021] [authnz_ldap:debug] [pid 195900:tid
140586635986688] mod_authnz_ldap.c(523): [client
192.168.100.120:56967] AH01691: auth_ldap authenticate: using URL
ldap://192.168.100.110/ou=People,dc=my,dc=svn,dc=local?uid
[Tue Jul 20 21:55:58.765260 2021] [authnz_ldap:debug] [pid 195900:tid
140586635986688] mod_authnz_ldap.c(561): [client
192.168.100.120:56967] AH01694: auth_ldap authenticate: user svnuser
authentication failed; URI /svn/svn-test/ [ldap_simple_bind() to check
user credentials failed][Invalid credentials] (not authoritative)
[Tue Jul 20 21:55:58.765297 2021] [authn_core:error] [pid 195900:tid
140586635986688] [client 192.168.100.120:56967] AH01796: AuthType
Basic configured without corresponding module
----------------------------------------

# module include
----------------------------------------
[root@my-redmine conf.d]]# httpd -t -M | grep auth
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_anon_module (shared)
 authn_core_module (shared)
 authn_dbd_module (shared)
 authn_dbm_module (shared)
 authn_file_module (shared)
 authn_socache_module (shared)
 authz_core_module (shared)
 authz_dbd_module (shared)
 authz_dbm_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_owner_module (shared)
 authz_user_module (shared)
 authnz_ldap_module (shared)
 authz_svn_module (shared)
[root@my-redmine conf.d]]#
----------------------------------------

I asked this question in ServerFault, but no one answer to me yet.
https://serverfault.com/questions/1070167/apache-2-4-and-ldap-basic-authentication-issues

I tryed below.
-----------------------------------------
LDAPReferrals on/off
https://stackoverflow.com/questions/29378054/configuring-ldap-on-apache-2-4-on-a-window-server-authenticating-against-anothe

AuthBasicAuthoritative on/off
https://www.spinics.net/lists/apache-users/msg115998.html

I'm not using ldaps
https://stackoverflow.com/questions/48280297/converting-apache-2-2-to-apache-2-4-ldap-authentication
-----------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux