1] The mysql protected area below works as expected. Entering a bad password or unknown user produces the correct response.
[Fri Jan 27 19:34:10 2006] [error] [client 129.98.98.98] user jones: password mismatch: /area51/
[Fri Jan 27 19:34:18 2006] [error] [client 129.98.98.98] MySQL user not found: /area51/
2] The LDAP protected area works but it NEEDS to have the mysql directives in place with AuthMysqlEnable set to off otherwise the server returns the following error:
[Fri Jan 27 19:15:03 2006] [error] [client 129.98.98.98] MySQL user jones not found: /area52
[Fri Jan 27 19:15:59 2006] [error] [client 129.98.98.98] MySQL ERROR: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
It's as if mod_auth_mysql is "stuck" in memory. With the mysql directives in place the realm is properly protected.
3] The problem is in the third realm with LDAP not "failing through" to MYSQL. The server always ignores LDAP regardless of the AuthLDAPAuthoritative or AuthMySQLAuthoritative settings. Swapping the order of the LDAP and MYSQL directives has no effect. A bad password always results in:
[Fri Jan 27 19:52:41 2006] [error] [client 129.98.98.98] user jones: password mismatch: /area53
. . . which is the mysql error return. I know that the module load order is NOT supposed to matter, but systematically changing the load order of mod_auth_mysql and mod_ldap/mod_auth_ldap produces the opposite results. The end result is that the MYSQL-LDAP protected realm does not "fail through" properly.
4] I've scoured the web, groups and blogs for any hint in using both mod_auth_ldap together with mod_auth_mysql to protect a realm. I'm now considering looking at Apache 2.2.
Any hint or area to look at would be much appreciated!

System stats
------------
OS=OS-X [10.3.9]
Apache = 2.0.55
mod_auth_ldap, mod_ldap = [apache's own module]
mod_auth_mysql = 3.0 [sourceforge]

Extracts from http.conf =
-------------------------
# Dynamic Shared Object (DSO) Support
LoadModule mysql_auth_module modules/mod_auth_mysql.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule php5_module modules/libphp5.so

<Directory />
    Options FollowSymLinks
    AllowOverride None
    allow from all
</Directory>

<Directory /usr/local/apache2/htdocs/mysqlProtected>
    Options FollowSymLinks
    AuthType Basic
    AuthName "area51-MySQL protected"
    AuthMySQLHost xxx.xxxx.xxx.xxx
    AuthMySQLUser httpd
    AuthMySQLPassword xxxxx
    AuthMySQLDB http_auth
    AuthMysqlUserTable mysql_auth
    AuthMySQLNameField username
    AuthMySQLPasswordField passwd
    AuthMysqlGroupTable mysql_groups
    AuthMySQLGroupField groups
    AuthMySQLAuthoritative on
    AuthMySQLEnable on
    #AuthMySQLNoPasswd off
    AuthMySQLPwEncryption crypt
    require group administration
</Directory>

<Directory /usr/local/apache2/htdocs/ldapProtected>
    Options FollowSymLinks
    AuthType Basic
    AuthName "ldap secured - area 52"
    #Disabled mod_auth_mysql place holder- this has to do with the way mod_auth_mysql
    #sits in memory. Will not work any other way. mysql vs ldap order not important.
    #Very strange.
    AuthMySQLAuthoritative off
    AuthMySQLHost xxx.xxxx.xxx.xxx
    AuthMySQLUser httpd
    AuthMySQLPassword xxxxx
    AuthMySQLDB http_auth
    AuthMysqlUserTable mysql_auth
    AuthMySQLNameField username
    AuthMySQLPasswordField passwd
    AuthMysqlGroupTable mysql_groups
    AuthMySQLGroupField groups
    AuthMySQLEnable off
    #AuthMySQLNoPasswd off
    AuthMySQLPwEncryption crypt
    require group meduser teaching_faculty testing administration
    #allow authenticated access - ldap
    AuthLDAPURL ldap://xxxx.xxxx.xxx.xxx:389/ou=people,dc=xxxx,dc=xxx,dc=xxx
    AuthLDAPAuthoritative on
    require valid-user
</Directory>

<Directory /usr/local/apache2/htdocs/area53>
    Options FollowSymLinks
    AuthType Basic
    AuthName "LDAP and mysql secured area 53"
    #mod_auth_ldap
    AuthLDAPAuthoritative off
    AuthLDAPURL "ldap://xxxx.xxxx.xxx.xxx:389/ou=people,dc=xxxx,dc=xxx,dc=xxx"
    require valid-user
    #mod_auth_mysql
    AuthMySQLHost xxx.xxxx.xxx.xxx
    AuthMySQLUser httpd
    AuthMySQLPassword xxxxx
    AuthMySQLDB http_auth
    AuthMysqlUserTable mysql_auth
    AuthMySQLNameField username
    AuthMySQLPasswordField passwd
    AuthMysqlGroupTable mysql_groups
    AuthMySQLGroupField groups
    AuthMySQLAuthoritative On
    AuthMySQLEnable on
    #AuthMySQLNoPasswd on
    AuthMySQLPwEncryption crypt
    require group administration
</Directory>

Regards,
bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
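
Added example (not part of the original post or of either module): a small error_log triage script that groups the failure messages quoted above by realm and flags realms meant to be LDAP-only in which mod_auth_mysql still answered, the symptom described in point 2. The function names are hypothetical, and the attribution of these message shapes to mod_auth_mysql follows the post's own statement.

```python
import re
from collections import Counter, defaultdict

# Apache 2.0 error_log layout: [timestamp] [level] [client ip] message
LINE_RE = re.compile(r"^\[[^\]]+\] \[\w+\] \[client [^\]]+\] (?P<msg>.*)$")
# Message shapes quoted in the post, which attributes them to mod_auth_mysql.
MYSQL_MESSAGES = [
    ("password_mismatch", re.compile(r"^user \S+: password mismatch: (?P<uri>\S+)$")),
    ("user_not_found", re.compile(r"^MySQL user\s+(?:\S+\s+)?not found: (?P<uri>\S+)$")),
    ("connect_error", re.compile(r"^MySQL ERROR: .*$")),
]

def classify(line):
    """Return (kind, realm) for a mod_auth_mysql line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for kind, pattern in MYSQL_MESSAGES:
        hit = pattern.match(m.group("msg"))
        if hit:
            uri = hit.groupdict().get("uri")  # connect errors carry no URI
            # "/area51/" and "/area51" name the same realm.
            return kind, ((uri.rstrip("/") or "/") if uri else None)
    return None

def summarize(lines):
    """Count mod_auth_mysql failure kinds per realm."""
    per_realm = defaultdict(Counter)
    for kind, realm in filter(None, map(classify, lines)):
        per_realm[realm][kind] += 1
    return dict(per_realm)

def unexpected_mysql(lines, ldap_only_realms):
    """Realms meant to be LDAP-only in which mod_auth_mysql still answered."""
    summary = summarize(lines)
    return sorted((r, k) for r in ldap_only_realms for k in summary.get(r, {}))

# Sample input: the five error_log lines quoted in the post.
SAMPLE = [
    "[Fri Jan 27 19:34:10 2006] [error] [client 129.98.98.98] user jones: password mismatch: /area51/",
    "[Fri Jan 27 19:34:18 2006] [error] [client 129.98.98.98] MySQL user not found: /area51/",
    "[Fri Jan 27 19:15:03 2006] [error] [client 129.98.98.98] MySQL user jones not found: /area52",
    "[Fri Jan 27 19:15:59 2006] [error] [client 129.98.98.98] MySQL ERROR: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)",
    "[Fri Jan 27 19:52:41 2006] [error] [client 129.98.98.98] user jones: password mismatch: /area53",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("LDAP-only realms answered by MySQL:", unexpected_mysql(SAMPLE, {"/area52"}))
```

A realm with no mod_auth_mysql entries is not proof that another module answered, since a module that declines a request logs nothing here.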