Re: mod_auth_kerb and mod_authnz_ldap

On Sat, Dec 6, 2008 at 1:51 AM, Jesper Krogh <jesper.krogh@xxxxxxxxx> wrote:
> On Fri, Dec 5, 2008 at 11:48 PM, Eric Covener <covener@xxxxxxxxx> wrote:
>> On 12/5/08, Jesper Krogh <jesper.krogh@xxxxxxxxx> wrote:
>>
>>>                 Require ldap-group CN=TestGroup,OU=Groups,OU=Company
>>>                 require valid-user
>>
>> Require directives are OR'ed not AND'ed, despite the way "require" sounds.
>
> Removing the "require valid-user" from the configuration changes the
> error message to:
> [Sat Dec 06 07:49:26 2008] [debug] mod_authnz_ldap.c(852): [client
> 10.194.134.5] [22264] auth_ldap authorise: authorisation denied
>
> But it still lets people in instead of sending a 401 page.

Weird on a few fronts, are you sure this log entry corresponds to the 200?

1)  "AuthzLDAPAuthoritative off" means you should see "declining to
authorise" instead of "authorization denied"
2) Once you see this message, I don't think any other module would
have a chance to flip it to a 200

-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
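
Added example, not part of the original thread and not Apache's own code: a simplified Python model of the Apache 2.2 authorization hook chain, showing why two Require lines behave as OR and how AuthzLDAPAuthoritative changes the logged outcome. The hook order, the function names and the user "alice" are assumptions made for this sketch.

```python
# Simplified model (a sketch, not httpd source) of the Apache 2.2 auth_checker
# hook: modules run in turn and the first result other than DECLINED is final.
OK, DECLINED, HTTP_UNAUTHORIZED = 0, -1, 401

def authz_user(requires, user, groups, cfg):
    # Models mod_authz_user: "Require valid-user" accepts any authenticated user.
    if any(kind == "valid-user" for kind, _ in requires):
        return OK, "valid-user matched"
    return DECLINED, "no user requirement"

def authnz_ldap(requires, user, groups, cfg):
    # Models mod_authnz_ldap for "Require ldap-group <DN>".
    wanted = [arg for kind, arg in requires if kind == "ldap-group"]
    if not wanted:
        return DECLINED, "no ldap requirements"
    if any(dn in groups for dn in wanted):
        return OK, "group matched"
    if not cfg["AuthzLDAPAuthoritative"]:
        return DECLINED, "declining to authorise"
    return HTTP_UNAUTHORIZED, "authorisation denied"

def authz_default(requires, user, groups, cfg):
    # Models the fallback: Require lines exist but every module declined.
    return HTTP_UNAUTHORIZED, "no authoritative handler"

# Hook order is an assumption of this sketch; the real order depends on the build.
CHAIN = [authz_user, authnz_ldap, authz_default]

def auth_checker(requires, user, groups, ldap_authoritative=True):
    cfg = {"AuthzLDAPAuthoritative": ldap_authoritative}
    for module in CHAIN:
        status, reason = module(requires, user, groups, cfg)
        if status != DECLINED:
            return status, f"{module.__name__}: {reason}"
    return HTTP_UNAUTHORIZED, "nothing answered"

GROUP = "CN=TestGroup,OU=Groups,OU=Company"  # group DN quoted in the thread
BOTH = [("ldap-group", GROUP), ("valid-user", None)]
GROUP_ONLY = [("ldap-group", GROUP)]

if __name__ == "__main__":
    # "alice" is a constructed user: authenticated, but a member of no group.
    for label, req, auth in [("both Require lines", BOTH, True),
                             ("ldap-group only, authoritative on", GROUP_ONLY, True),
                             ("ldap-group only, authoritative off", GROUP_ONLY, False)]:
        print(label, "->", auth_checker(req, "alice", set(), auth))
```

In this model a non-member is admitted only while "require valid-user" is present; with the group requirement alone the request ends in 401 whether the LDAP module denies it or declines and leaves it to the fallback.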

