help with mod_authz_ldap


 



Hi all,
  I'm having a bit of trouble getting mod_authz_ldap to work.  I have my OU layout and my posix groups layout included.  I'm simply trying to authenticate the user "tnine" against the group
cn=development,ou=Groups,dc=arocksoftware,dc=com

I receive the following error, so I'm obviously not getting authorized.

auth_ldap authenticate: user tnine authentication failed; URI /vcproject/ [ldap_search_ext_s() for user failed][No such object]


I have the following settings in my authorization directive.  But I have several questions.  Any help would be greatly appreciated.

1. I'm using a posixGroup, is that not possible?
2. I have set the log level to debug, but I only get the above line in the error_log.  I'd like to see the query string it's issuing, is that possible?
3. I thought that by setting the AuthLDAPGroupAttribute it would find my username and authenticate me, is that not correct?

Thanks in advance for the help.

Todd

subversion.conf file

<Location />
   DAV svn
   SVNParentPath /srv/svnrepos

   # Limit write permission to list of valid users.
   # Require SSL connection for password protection.
   # SSLRequireSSL

   AuthType Basic
   AuthName "ARock Software Subversion"
   AuthBasicProvider            ldap

   AuthLDAPURL ldap://ldap:389/
   require ldap-group cn=development,ou=Groups,dc=arocksoftware,dc=com
   AuthzLDAPAuthoritative on
   AuthLDAPGroupAttribute memberUid
   AuthzLDAPLogLevel debug
   Require valid-user
</Location>


Dump of openldap schema
dn: dc=arocksoftware,dc=com
objectClass: dcObject
objectClass: organization
dc: arocksoftware
o: Arock Software

dn: cn=Manager,dc=arocksoftware,dc=com
cn: Manager
objectClass: organizationalRole
objectClass: top

dn: ou=Groups,dc=arocksoftware,dc=com
ou: Groups
objectClass: organizationalUnit
objectClass: top

dn: cn=development,ou=Groups,dc=arocksoftware,dc=com
cn: development
gidNumber: 1001
objectClass: posixGroup
objectClass: top
memberUid: tnine

dn: ou=People,dc=arocksoftware,dc=com
ou: People
objectClass: organizationalUnit
objectClass: top

dn: ou=Customers,ou=People,dc=arocksoftware,dc=com
ou: Customers
objectClass: organizationalUnit
objectClass: top

dn: ou=Employees,ou=People,dc=arocksoftware,dc=com
ou: Employees
objectClass: organizationalUnit
objectClass: top

dn: cn=Todd Nine,ou=Employees,ou=People,dc=arocksoftware,dc=com
givenName: Todd
sn: Nine
cn: Todd Nine
uid: tnine
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/users/development/ne
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SHA}removed
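
An added example, not part of the original post: a configuration for the same location that checks membership of the posixGroup shown in the dump. It assumes the stock mod_authnz_ldap module is handling the request (as the auth_ldap prefix in the logged error suggests), that the directory allows an anonymous search under ou=People, and it takes the base DN from the LDIF above.

```apache
<Location />
   DAV svn
   SVNParentPath /srv/svnrepos

   AuthType Basic
   AuthName "ARock Software Subversion"
   AuthBasicProvider ldap

   # The search base, attribute and scope are part of the URL. With nothing
   # after the trailing slash the user search runs against an empty base,
   # which is consistent with the "No such object" result in the logged error.
   AuthLDAPURL "ldap://ldap:389/ou=People,dc=arocksoftware,dc=com?uid?sub"

   # A posixGroup stores bare login names in memberUid, not full DNs, so the
   # group check has to compare the username rather than the user's DN.
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off

   # Only the group requirement is listed. A second "Require valid-user"
   # line would admit any user who authenticates, because one satisfied
   # Require directive is enough to grant access.
   Require ldap-group cn=development,ou=Groups,dc=arocksoftware,dc=com
</Location>
```

With Basic authentication the password crosses the wire on every request, so the SSLRequireSSL line that is commented out in the posted file is worth enabling once the lookup works.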

