Re: mod_authnz_ldap module and Microsoft AD LDAP Server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Rodney Ramos wrote:

Great! That´s it!

I´ve tried to use a user called "admin" that exists in the LDAP server.

So, to make the test, I´ve created a crazy username and put it into the flat
file, and it works!

The Apache tries to consult the flat file only if it doesn´t find the user
in the LDAP server.

Now, another problem (sorry for boring you). Instead of use a flat file as a
second option, I want to use a database.

So, I´ve installed the Apache::DBI module and tried to use the
Apache::AuthDBI to authenticate in a MySQL database.

Now the problem is that Apache only try to use the Apache::AuthDBI module.
It doesn´t looking for in the LDAP server any more.

Any idea? Maybe I shoud try to use the mod_authn_dbd instead of
Apache::AuthDBI?

What do you think?



Hi.
I think indeed that you try with mod_authn_dbd instead of Apache::AuthDBI, in this case.
There are others here that will explain that better than I can (Torsten, are you there ?), but in a nutshell : 

Modules like mod_xxx are Apache add-on modules written in C.
Modules like Apache::AuthDBI are Apache add-on modules written in Perl, who themselves work within the framework provided by the mod_perl add-on module (and the embedded perl interpreter that it carries with it). mod_perl itself "insinuates itself" fairly deeply into Apache, so that many times you can do the same things as what C add-on modules achieve (or even more things), but mod_perl add-on modules and C add-on modules do not always "cooperate" so well with eachother.
In the latest Apache 2.x versions, the various mod_authxxxx C modules have apparently been rewritten so that they cooperate with eachother well. On the other hand, Apache::DBI is older, and does not cooperate so nicely with the others. So you shouldn't mix the two types of add-ons, at least not when it is within the same Apache "authentication phase".
This was a very summary explanation, and probably quite insufficient from a purist technical point of view. If you need more details, ask and I'll try. 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux