Hi folks,
I'm having a problem with my first attempts to migrate a 2.0 server to 2.2, specifically with the LDAP configuration I'm using. I have a somewhat convoluted directory structure, with different permissions for different directories. My problem can be summed up with the configuration in httpd-vhosts.conf (see below); my actual configuration has additional Directory sections, some of which have multiple "require ldap-users" and "require ldap-groups", but the two I've copied here are able to recreate the problem.
<AuthnProviderAlias ldap ldap-site>
AuthLDAPURL ldap://*****/o=root?uid??(objectClass=inetOrgPerson)
AuthLDAPDereferenceAliases never
</AuthnProviderAlias>
<VirtualHost *:80>
ServerName docsite.sgi.sk.ca
DocumentRoot "/my/directory/htdocs"
<Directory "/my/directory/htdocs">
Options Indexes FollowSymLinks Includes
AllowOverride None
AuthBasicProvider ldap-site
AuthName "Login Now Please"
AuthType Basic
AuthzLDAPAuthoritative off
require valid-user
Order allow,deny
Allow from 10.0.0.8 10.0.1.9
Satisfy any
</Directory>
<Directory "/my/directory/htdocs/Infrastructure/private">
AuthBasicProvider ldap-site
AuthName "Login Now Please"
AuthType Basic
AuthzLDAPAuthoritative on
require ldap-group cn=mygroup,ou=container,ou=container,o=root
Order allow,deny
Allow from 10.0.0.8 10.0.1.9
Satisfy any
</Directory>
</VirtualHost>
The problem is that using this configuration I can sign in to the root of the site no problem, but when I try getting in to the private directory that is more restrictive apache throws errors like "access to /Infrastructure/private/index.html failed, reason: require directives present and no Authoritative handler." My understanding of the AuthzLDAPAuthoritative directive from the documentation is that if I'm using "require valid-user" I need to set it to off, but if I'm using "require ldap-user" or "require ldap-group" I need to set it to on; I'm doing so but it doesn't seem to be working as I expected it to. I can't find any mention on the net of anyone else experiencing this problem after they get the AuthzLDAPAuthoritative thing under control, so I'm assuming I'm missing something simple but I can't see what it is.
Any help would be appreciated!
Thanks,
Jeff Eggen
IT Analyst
Saskatchewan Government Insurance
Ph (306) 751-1795
email jeggen@xxxxxxxxx
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee, please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that using, disclosing, copying or distributing the contents of this information is strictly prohibited.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|