Re: [users@httpd] AuthLDAPEnabled rejected in 2.2, LDAP not being used

I finally found the answer:

AuthBasicProvider ldap

It would be nice if a note was included in the mod_authnz_ldap
docs indicating that this is required and giving the correct syntax,
since the mod_auth_basic doc doesn't say what to use to enable
LDAP.

James Garrison wrote:
Apache 2.2 rejects the AuthLDAPEnabled directive as a syntax error:

Syntax error on line 1036 of /home/jhg/sysconfig/bugzilla/etc/httpd/conf/httpd.conf: Invalid command 'AuthLDAPEnabled', perhaps misspelled or defined by a module not included in the server configuration

Some googling hinted that this directive is no longer needed, so I removed it. Apache starts OK, but never attempts to do an LDAP query. ldapsearch has no problem connecting to the remote LDAP server. Apache logs no error
messages, and the BasicAuth dialog just gets presented over and over
regardless of what I enter.  tcpdump monitoring on ports 389/636 shows
traffic when using ldapsearch but nothing when trying to authenticate to
Apache.

This is a configuration that's been working for about a year on FC4 with
Apache 2.0.53.  Can someone point out how to get LDAP enabled in 2.2?

The relevant config bits are:

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca-bundle.crt

<VirtualHost 10.56.8.253:443>
    ServerAdmin admin@xxxxxxxxxxxx
    DocumentRoot /usr/local/mozilla/webtools/bugzilla
    ServerName bugzilla.mydomain.com
    ErrorLog logs/bugzilla-error_log
    CustomLog logs/bugzilla-access_log common

    <Directory /usr/local/mozilla/webtools/bugzilla>
        Options ExecCGI Indexes FollowSymLinks
        AllowOverride all
        AuthType Basic
        AuthName "Bugzilla"
        AuthLDAPBindDN "cn=ldapQuery,cn=Users,dc=mydomain,dc=com"
        AuthLDAPBindPassword ldapQuery
        AuthLDAPURL "ldap://triton.mydomain.com/cn=Users,dc=mydomain,dc=int?samAccountName,mail?sub?(&(objectCategory=Person)(objectClass=User))"
        Require valid-user
        SetEnv PROJECT ag
    </Directory>

</VirtualHost>

Module list:

[jhg@bugzilla conf]$ httpd -M
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)
 authn_file_module (shared)
 authn_alias_module (shared)
 authn_anon_module (shared)
 authn_dbm_module (shared)
 authn_default_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 authz_owner_module (shared)
 authz_groupfile_module (shared)
 authz_dbm_module (shared)
 authz_default_module (shared)
 ldap_module (shared)
 authnz_ldap_module (shared)
 include_module (shared)
 log_config_module (shared)
 logio_module (shared)
 env_module (shared)
 ext_filter_module (shared)
 mime_magic_module (shared)
 expires_module (shared)
 deflate_module (shared)
 headers_module (shared)
 usertrack_module (shared)
 setenvif_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 info_module (shared)
 dav_fs_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 actions_module (shared)
 speling_module (shared)
 userdir_module (shared)
 alias_module (shared)
 rewrite_module (shared)
 proxy_module (shared)
 proxy_balancer_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_connect_module (shared)
 cache_module (shared)
 suexec_module (shared)
 disk_cache_module (shared)
 file_cache_module (shared)
 mem_cache_module (shared)
 cgi_module (shared)
 perl_module (shared)
 php5_module (shared)
 proxy_ajp_module (shared)
 python_module (shared)
 ssl_module (shared)
Syntax OK

LDAP client RPMs:

[jhg@bugzilla conf]$ rpm -qa|grep ldap
openldap-clients-2.3.19-4
openldap-2.3.19-4
nss_ldap-249-1
php-ldap-5.1.2-5


--
James Garrison                                Athens Group, Inc.
mailto:jhg@xxxxxxxxxxxxxxx                    5608 Parkcrest Dr
http://www.athensgroup.com                    Austin, TX 78731
SKYPE callto:jhg-athensgroup                  (512) 345-0600 x150
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
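
Added example, not part of the original post or of the Apache project's code: a small Python check for the condition this thread describes, a container that sets AuthType Basic and AuthLDAPURL but never names ldap in AuthBasicProvider. The sample configuration, its paths and its host names are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the post's config; host and DN are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:443>
    <Directory /srv/app-a>
        AuthType Basic
        AuthLDAPURL "ldap://ldap.example.test/dc=example,dc=test?uid?sub"
        Require valid-user
    </Directory>
    <Directory /srv/app-b>
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://ldap.example.test/dc=example,dc=test?uid?sub"
        Require valid-user
    </Directory>
</VirtualHost>
"""

OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</(\w+)\s*>")
NEEDS = {"authtype", "authldapurl"}  # Basic auth plus an LDAP URL in one container

def find_missing_ldap_provider(conf_text):
    """Return [(container, line_no)] for containers that set AuthType Basic and
    AuthLDAPURL but never name ldap in AuthBasicProvider (its 2.2 default is file).
    Simplification: settings inherited from enclosing containers are not modelled."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if CLOSE.match(line) and stack:
            sec = stack.pop()
            if NEEDS <= sec["seen"] and "authbasicprovider" not in sec["seen"]:
                findings.append((sec["name"], sec["line"]))
        elif opened:
            name = " ".join(opened.groups()).strip()
            stack.append({"name": name, "line": no, "seen": set()})
        elif stack:
            # Directive names are case-insensitive in httpd configuration.
            directive, *args = line.lower().split()
            if (directive == "authldapurl"
                    or (directive == "authtype" and args[:1] == ["basic"])
                    or (directive == "authbasicprovider" and "ldap" in args)):
                stack[-1]["seen"].add(directive)
    return findings
```

Running it over a configuration migrated from 2.0 lists each container that would keep prompting without ever contacting the LDAP server.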