Also, I do not know of an alternative for having the paassword in clear text in the file. What I did was create a new AD user (apache_validate or something along those lines) that is used only for this purpose. The user has almost no access rights, except that they can login and query ad. This is what I would recommend, as well as running apache under a seperate user account if you're not doing this already.
Melanie Pfefer wrote:
ldap-user is not viable...I will have to add all users by hand... Any other alternative? also, AuthLDAPBindPassword is written in clear text in the file...Any other alternative? Many thanks! --- Tom Hart <tomhart@xxxxxxxxxxx> wrote:authzldapauthoritative sets it such that ldap is theonly authentication that can be used. However valid-user is not seen as an ldap authentication (try ldap-user, etc.), so it needs to be able to fall back on "basic authentication" even though it is using the ldap setup to validate.Basically it's ldap, but apache thinks it's basic. Ithink that's what happens anyway.Melanie Pfefer wrote:I tried AuthZLDAPAuthoritative off and indeed it worked...now...what is the impact of disabling AuthZLDAPAuthoritative?? thanks bunches... --- Eric Covener <covener@xxxxxxxxx> wrote:On 10/26/07, Stusynski, Dan <dstusynski@xxxxxxx> wrote:Looks like you can't acccess the resource.authnz_ldap + require valid-user doesn't work as expected in 2.2.4, try AuthZLDAPAuthoritative off -- Eric Covener covener@xxxxxxxxx---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html>formore info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx___________________________________________________________Visit Yahoo! For GoodWant ideas for reducing your carbon footprint?http://uk.promotions.yahoo.com/forgood/environment.html---------------------------------------------------------------------The official User-To-User support forum of theApache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html>for more info.To unsubscribe, e-mail:users-unsubscribe@xxxxxxxxxxxxxxxx" from the digest:users-digest-unsubscribe@xxxxxxxxxxxxxxxxFor additional commands, e-mail:users-help@xxxxxxxxxxxxxxxx---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx___________________________________________________________ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now.http://uk.answers.yahoo.com/--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|