[users@httpd] Re: authnz_ldap problem (semi-solved)


 



Well, I managed to get authentication working, but not by using require valid-user. If I change it from valid-user to ldap-user and specify a user, that works; however, it is a bit cumbersome. I can also get it to work more to my liking if I change the require statement to, say:

require ldap-attribute objectClass=shadowAccount

For my purposes this will suit me, but I still find it irritating that I couldn't (for whatever reason) get it to work with valid-user.


Ed Zaborowski wrote:
Hello,

I've been using Apache for some time, and recently ran into an issue that is causing me to pull my hair out.

I have set up a server, well more specifically a Location, to utilize LDAP Authentication. However, when I surf to the URL, I am prompted time and time again, with seemingly no end, when I use correct credentials, with no information in the error_logs. When I use an incorrect password, I get the message:  user ed: authentication failure for "/svn": Password Mismatch

I've tried using just file authentication, and that works fine; however, I prefer not to go that route. I've also removed the limit directives (as well as the authentication directives), and I was allowed unfettered access to the directory, as I would expect, with no errors.

I am really at a loss, and I've tried everything I can think of, multiple times. If anyone has any ideas as to what I am doing wrong, and/or how to fix it, I'd really appreciate the help. Please see below for my config excerpts.

Thanks,
--Z

Piece of my httpd.conf:
<Location  /svn>
                DAV svn
                SVNPath /subversion/project
                <Limit GET PROPFIND PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
                        AuthBasicProvider ldap
                        AuthType Basic
                        AuthName "Subversion Repository"
                        AuthLDAPURL ldap://127.0.0.1/ou=mail,dc=mydomain,dc=net?uid?one?(objectClass=shadowAccount)
                        require valid-user
                </Limit>
</Location>

The LDAP account I am using:
dn: uid=ed,ou=mail,dc=mydomain,dc=net
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: person
objectClass: qmailUser
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
accountStatus: active
uid: ed
displayName: Edward Zaborowski
homeDirectory: /home/ed
uidNumber: 5000
gidNumber: 100
shadowLastChange: 13307
gecos: Edward Zaborowski,,,,
cn: Edward Zaborowski
sn: Zaborowski
givenName: Edward
loginShell: /bin/bash


