Protecting mod_jk status pages with LDAP: Is there anything special about protecting content provided by an Apache module?

Hello, 

I have a server with Apache (v2.2.8) configured to use mod_jk (1.2.26)
to communicate with Tomcat (6.0.16).
I am using LDAP to provide basic authentication. I configured mod_jk to
provide status information in the URLs /private/admin/watch/jk and
/private/admin/manage/jk as shown in the uriworkermap.properties file at
the end of this message. I also included my workers.properties file.

In my tests, I am able to protect the URLs of the Tomcat Example
application using the segment below. I do get asked to provide the LDAP
credentials by the browser when requesting pages from the example
application.

<Location /examples/* >
  AuthType basic
  AuthName "LDAP credentials"
  AuthBasicProvider ldap
  AuthLDAPUrl ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)
  AuthzLDAPAuthoritative on
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off
  Require ldap-group cn=regular-users,ou=groups,dc=example,dc=com
</Location>

But I have not been able to protect the URIs of the mod_jk status.
Anybody knowing the URL can access the pages. Below is the segment I am
using to protect the mod_jk pages; nevertheless, I don't get asked for a
user name and password at all.

<Location /private/* >
  AuthType basic
  AuthName "LDAP credentials"
  AuthBasicProvider ldap
  AuthLDAPUrl ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)
  AuthzLDAPAuthoritative on
  AuthLDAPGroupAttribute memberUid
  AuthLDAPGroupAttributeIsDN off
  Require ldap-group cn=super-users,ou=groups,dc=example,dc=com 
</Location>

Is there anything special about protecting content provided by an Apache
module?
Any help or pointers are appreciated.

-Jorge


######## uriworkermap.properties ##############################

# This file provides mapping for the wlb worker
# defined in workers.properties.
# The general syntax for this file is:
# [URL]=[Worker name]

# Let's allow access to the examples web app bundled with Tomcat
/examples=wlb
/examples/*=wlb

/manager=wlb
/manager/*=wlb

/host-manager=wlb
/host-manager/*=wlb

# Let's also define a URI to access the status workers
/private/admin/watch/jk=jkwatch
/private/admin/manage/jk=jkmanage


######### workers.properties ###################################

# Let's define some environment properties (Not sure this is needed for
# ajp workers)
workers.tomcat_home=/opt/myapp-1.0/tomcat
workers.java_home=/usr/java/jdk1.6.0_07
ps=/


# The list of workers
# Worker names may only contain characters from the set [a-zA-Z0-9\-_]
worker.list= wlb, jkwatch, jkmanage


# Now define some properties for the workers.
# A worker type must be one of: [ajp12 | ajp13 | jni | lb | status]

# Properties for worker: localworker
worker.localworker.type=ajp13 
worker.localworker.host=localhost
worker.localworker.port=8009
worker.localworker.lbfactor=1
worker.localworker.connection_pool_timeout=600
worker.localworker.socket_keepalive=1
worker.localworker.socket_timeout=60

# Defining a load balancer (with a single worker, the local worker)
worker.wlb.type=lb
worker.wlb.balance_workers=localworker

# Defining the status workers, one is read-only
worker.jkwatch.type=status
worker.jkwatch.read_only=True
worker.jkwatch.mount=/private/admin/watch/jk

worker.jkmanage.type=status
worker.jkmanage.mount=/private/admin/manage/jk



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
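
An audit sketch added here as an example (it is not part of the original message or of mod_jk): it lists the URIs mapped to `status` workers and reports those that no `<Location>` block carrying a `Require` line covers. It assumes the rule in the Apache `<Location>` documentation that neither wildcard character matches a `/` in the URL-path; the function names and the reduced inline sample configs are constructed for illustration, and a pattern match alone does not prove that the auth hooks run for mod_jk's handler.

```python
import re

# Constructed sample input, reduced from the two files quoted in the message.
WORKERS = """\
worker.list= wlb, jkwatch, jkmanage
worker.wlb.type=lb
worker.jkwatch.type=status
worker.jkmanage.type=status
"""
URIMAP = """\
/examples/*=wlb
/private/admin/watch/jk=jkwatch
/private/admin/manage/jk=jkmanage
"""

def props(text):
    """Parse key=value lines into (key, value) tuples, skipping # comments."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(s.strip() for s in l.split("=", 1))
            for l in lines if "=" in l and not l.startswith("#")]

def status_uris(workers, urimap):
    """URIs mapped to workers whose type is 'status'."""
    status = {k.split(".")[1] for k, v in props(workers)
              if k.endswith(".type") and v == "status"}
    return sorted(u for u, w in props(urimap) if w in status)

def location_matches(pattern, uri):
    """Assumed <Location> semantics: with wildcards, * and ? never match '/';
    without wildcards, the pattern is a path-segment prefix of the URI."""
    if "*" in pattern or "?" in pattern:
        rx = "".join("[^/]*" if c == "*" else "[^/]" if c == "?" else re.escape(c)
                     for c in pattern)
        return re.fullmatch(rx, uri) is not None
    return uri.startswith(pattern) and (
        pattern.endswith("/") or uri[len(pattern):][:1] in ("", "/"))

def unprotected(conf, uris):
    """Status URIs not covered by any <Location> that contains a Require line."""
    blocks = re.findall(r"<Location\s+(\S+)\s*>(.*?)</Location>", conf, re.S | re.I)
    guarded = [p for p, body in blocks if re.search(r"^\s*Require\s", body, re.M | re.I)]
    return [u for u in uris if not any(location_matches(p, u) for p in guarded)]

if __name__ == "__main__":
    uris = status_uris(WORKERS, URIMAP)
    for loc in ("/private/*", "/private"):
        conf = f"<Location {loc} >\n  Require ldap-group cn=super-users\n</Location>"
        print(loc, "->", unprotected(conf, uris) or "all status URIs covered")
```
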


