ldap group problems

httpd v2.2.4 from source on macos 10.4.9

I have a configuration like this.  In the first case using require
valid-user, everything works as expected.  I can authenticate users just
fine.  However, when I use the second Location block, I have problems
and cannot authorize against the group.  Any suggestions?

Thanks,
Sean


<Location /svn/>
	AuthLDAPBindDN	cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindPassword	secret
	AuthzLDAPAuthoritative off
	AuthType	basic
	AuthName	"svn repository"
	AuthBasicProvider	ldap
	AuthLDAPURL	ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
	require valid-user
</Location>


<Location /svn2/>
	AuthLDAPBindDN	cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindPassword	secret
	Allow from all
	AuthzLDAPAuthoritative off
	AuthLDAPGroupAttributeIsDN off
	AuthLDAPGroupAttribute member
	AuthType	basic
	AuthName	"svn repository"
	AuthBasicProvider	ldap
	AuthLDAPURL	ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
	require ldap-group cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov
</Location>


Here is what the apache log shows:

[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(376): [client
137.187.209.230] [8873] auth_ldap authenticate: using URL
ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(475): [client
137.187.209.230] [8873] auth_ldap authenticate: accepting sdavis
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(712): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
group membership in "cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov"
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(718): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
member: sdavis (cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov)
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(734): [client
137.187.209.230] [8873] auth_ldap authorise: require group
"cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov": authorisation
failed [Comparison complete][Invalid syntax]
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(842): [client
137.187.209.230] [8873] auth_ldap authorise: declining to authorise
[Wed Jul 11 20:30:44 2007] [error] [client 137.187.209.230] access to
/svn2/apache_pb.png failed, reason: require directives present and no
Authoritative handler.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
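
An added example, not part of the original post and not the project's own configuration: the log above shows the group compare being made with the bare username `sdavis` and failing with `Invalid syntax`. Assuming the directory's `member` attribute has DN syntax (the post does not show the group entry), `AuthLDAPGroupAttribute` and `AuthLDAPGroupAttributeIsDN` have to agree on whether a DN or a username is compared; the `memberUid` variant further assumes a posixGroup-style entry.

```apache
# Added example; host, DNs and bind credentials are copied from the post.
<Location /svn2/>
	AuthType	basic
	AuthName	"svn repository"
	AuthBasicProvider	ldap
	AuthLDAPURL	ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindDN	cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
	AuthLDAPBindPassword	secret

	# Combination from the post, kept commented out for comparison:
	# IsDN off makes mod_authnz_ldap compare the username ("sdavis"),
	# which is not a valid value for a DN-syntax attribute such as member.
	#AuthLDAPGroupAttributeIsDN off
	#AuthLDAPGroupAttribute member

	# Variant A (assumption: the group lists members as full DNs in "member"):
	# compare the DN found for the authenticated user.
	AuthLDAPGroupAttributeIsDN on
	AuthLDAPGroupAttribute member

	# Variant B (assumption: posixGroup-style entry listing login names):
	# compare the bare username against memberUid. Use instead of A, not with it.
	#AuthLDAPGroupAttributeIsDN off
	#AuthLDAPGroupAttribute memberUid

	# With "off", a failed group check is declined and handed to other
	# authorization modules; none of them handles ldap-group here, which gives
	# the "no Authoritative handler" error in the log. With "on" (the default),
	# mod_authnz_ldap itself denies a user who is not in the group.
	AuthzLDAPAuthoritative on

	require ldap-group cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov
</Location>
```

Which variant applies depends on how the group entry actually lists its members, so check the entry's attributes in the directory before choosing.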

