Hi again, first: sorry for the typo within <Directory>... the right one is of course <Directory /etc/misc/downloads/disk_install> Then: while googling, i found some guys with the same problem, i. e. http://mail-archives.apache.org/mod_mbox/httpd-users-de/200605.mbox/%3C20060526092358.311470@xxxxxxx%3E He described it as "Is Apache ignoring mod_ldap" - no solution posted. -- Cheerio, Wulf Kaiser ___________________________ IT Services - Web & Database Development Webmaster www.mpimf-heidelberg.mpg.de Max-Planck-Institut für medizinische Forschung Jahnstrasse 29 - 69120 Heidelberg Fon +49 6221 486560 Fax +49 6221 486561 SHA1 Fingerprint: 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17
--- Begin Message ---
- To: users@xxxxxxxxxxxxxxxx
- Subject: mod_authnz_ldap not working?
- From: Wulf Kaiser <wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 09 Jan 2009 10:29:02 +0100
- Original-recipient: rfc822;Wulf.Kaiser@xxxxxxxxxxxxxxxxxxxxxxx
- Reply-to: users@xxxxxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.19 (Windows/20081209)
Dear fellow indians, a happy new year!Recently i compiled httpd-2.2.11 on my 4 Servers (SPARC Solaris 10). Everything went fine, without hazzles or errors. For mod_ldap and mod_authnz_ldap, i compiled against the OpenLDAP 2.3.39 Libraries. The following DSO's are loaded:LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule ldap_module modules/mod_ldap.so LoadModule version_module modules/mod_version.so LoadModule ssl_module modules/mod_ssl.so LoadModule dav_module modules/mod_dav.so LoadModule cgi_module modules/mod_cgi.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule dav_lock_module modules/mod_dav_lock.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule php5_module modules/libphp5.so LoadModule perl_module modules/mod_perl.soThen, i had to secure a subdirectory of our download area (restrict access to the members of a certain group only). Here's what i added to httpd.conf (directly below the DocumentRoot directive):<AuthnProviderAlias ldap group1-access>AuthLDAPURL ldap://ldap.mydomain.de:389/ou=people,dc=mydomain,dc=de?uid?sub?(objectClass=*)</AuthnProviderAlias> <Directory /etc/misc/downloads//disk_install> AuthType Basic AuthName "Download Area - Disk Images" AuthBasicProvider group1-access AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttribute uniqueMember AuthLDAPGroupAttribute member Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de Deny from all Satisfy any </Directory>And - it's not working; everyone still has access to the directory. No Browser error's, no httpd_error.log entries, and - most curious - i don't see *any* requests concerning this from the web server in the LDAP Server Logfiles. It seems as mod_authnz_ldap would just not be loaded...The LDAP Server is Sun Directory Server on a remote machine.Funnily enough, my PHP-based Web forms can query LDAP - same source, same destination.Querying LDAP from the commandline of thet machine also works. Any ideas (and help) would be very, very appreciated ;-)) -- Best, Wulf Kaiser ___________________________ IT Services - Web & Database Development Webmaster www.mpimf-heidelberg.mpg.de Max-Planck-Institut für medizinische Forschung Jahnstrasse 29 - 69120 Heidelberg Fon +49 6221 486560 Fax +49 6221 486561 SHA1 Fingerprint: 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
|