You're an idiot!

Sorry, just wanted to save you guys the trouble. I am an idiot (missing allow from all in the directory entry, and don't need :443 vhost), and I thank you for not pointing it out to me until I could figure it out for myself.

Tom Hart wrote:
Hey guys. I finally got ldap authentication working, and I finally got SSL working, now I have a slightly more complicated issue. What I would like to happen is if a user tries to access the intranet through a non-ssl connection (http://server) it should serve a page that basically says "Please use ssl, you'll be redirected in 10 seconds" (that page is made and works). However if they do that I want it to not auth at all (right now everything has ldap auth setup) until it goes to the ssl connection. Here's the relevant parts of httpd.conf from my failed attempt. Any suggestions?

Oh btw, http:// gives me a 403 forbidden, and https:// gives me a pop-up saying "server has sent an incorrect or unexpected message. Error code -12263". I have gotten this to work a bit, where the ssl works again, but it still auths on non-ssl.

DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
Alias /spooldir "C:/data/SPOOLDIR/"
Alias /database "C:/data/Finops/Database/Data/Current"
Alias /nonssl "C:/Program Files/Apache Software Foundation/Apache2.2/nonssl"
NameVirtualHost *:80
NameVirtualHost *:443

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Satisfy all
</Directory>

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"
    Require valid-user
</Directory>

<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/nonssl">
    Options Indexes FollowSymLinks
    Order allow,deny
</Directory>

<Directory "C:/data/spooldir">
    Order deny,allow
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"
    Require valid-user
</Directory>

<Directory "C:/data/Finops/Database/Data/Current">
    Order deny,allow
    AuthType Basic
    AuthName "Database"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"
    Require ldap-user "tomhart"
</Directory>

<VirtualHost *:80>
    ServerName che
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/nonssl"
</VirtualHost>

<VirtualHost *:443>
    ServerName che
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
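
A sketch of the fix described in the reply, as an added example and not the poster's actual final httpd.conf (Apache 2.2 syntax; paths and LDAP settings are copied from the quoted message). The SSLRequireSSL line, and the assumption that the SSL virtual host is defined in mod_ssl's own config file, are additions that the thread does not state.

```apache
# Added example, Apache 2.2 access-control syntax.
# Assumption: the HTTPS virtual host (SSLEngine on, certificate, DocumentRoot
# htdocs) is defined in mod_ssl's config, e.g. conf/extra/httpd-ssl.conf, so
# no bare <VirtualHost *:443> is declared here. A :443 vhost without
# SSLEngine on answers in plain HTTP, which browsers report as an SSL error.

Alias /spooldir "C:/data/SPOOLDIR/"
NameVirtualHost *:80

# Default: deny everything not explicitly opened below.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Satisfy all
</Directory>

# Plain-HTTP notice page. "Order allow,deny" denies by default, so the
# explicit "Allow from all" is what clears the 403. No AuthType/Require
# here, so the browser is never prompted for credentials on port 80.
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/nonssl">
    Options FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>

# LDAP-protected content. The Alias above is global, so this directory is
# also reachable through the :80 vhost. SSLRequireSSL (mod_ssl) rejects
# any non-SSL request with 403 during the access check, before Basic auth
# runs, so the password is never requested or sent in clear text.
# The same line belongs in every other LDAP-protected <Directory> block.
<Directory "C:/data/spooldir">
    SSLRequireSSL
    Order deny,allow
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl "ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
    AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
    AuthLDAPBindPassword "********"
    Require valid-user
</Directory>

<VirtualHost *:80>
    ServerName che
    DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/nonssl"
</VirtualHost>
```

After a change like this, `httpd -t` validates the syntax, and a plain-HTTP request to /spooldir should return 403 with no WWW-Authenticate header.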