Hi I have just gone trough the process of setting up ldapz. Here is my working configuration, maybe you can use some of it... ? I have used it in an .htaccess file, but it should not be much difference. Note: This is for microsoft AD, so you should not need to define that weird port.. <FilesMatch ^network> Order deny,allow Deny from All AuthName "Only IT" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap://ldap:3268/OU=RR,DC=ad,DC=ourdomain,DC=com?sAMAccountName?sub?(memberOf=CN=it_dep,OU=Mailing lists,OU=RR,DC=ad,DC=ourdomain,DC=com)" AuthLDAPBindDN "CN=ldapread,OU=Service users,OU=It,DC=ad,DC=ourdomain,DC=com" AuthLDAPBindPassword pAss_w0rd Require valid-user Satisfy any </FilesMatch> And offcouse you need to: LoadModule authz_svn_module modules/mod_authz_svn.so LoadModule ldap_module modules/mod_ldap.so Hope this helps.. Regard Lars On Fri, Jan 9, 2009 at 2:00 PM, Wulf Kaiser <wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > Hi Eric, > > <AuthnProviderAlias ldap group1-access> > > ldap://ldap.mydomain.de:389/ou=people,dc=mydomain,dc=de?uid?sub?(objectClass=*) > </AuthnProviderAlias> > > <Location /etc/misc/downloads/disk_install> > AuthType Basic > AuthName "Download Area - Disk Images" > AuthBasicProvider group1-access > AuthLDAPGroupAttribute memberUid > AuthLDAPGroupAttribute uniqueMember > AuthLDAPGroupAttribute member > Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de > Prder allow,deny > Allow from all > Satisfy All > </Location> > > with the same result: nothing & still ignoring (no log entries) > > Eric Covener schrieb: >> >> On Fri, Jan 9, 2009 at 7:35 AM, Wulf Kaiser >> <wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >>> >>> Hi Eric, >>> >>> thanks in advance. I tried that by setting >>> .... >>> Order deny,allow >>> Deny from all >>> Satisfy any >>> </Directory> >>> >>> but without result :-(( >>> >>> I am currently tailing -f the httpd error logs in debug mode, and also >>> the >>> LDAP logs, but i do not get more out of them then a pain in the eye... >>> >>> It really seems as mod_(autnz)_ldap is simply ignored. >> >> >> Any chance you're blowing this config away implicitly by a Location >> container that matches (with e.g. allow from all?) I would recommend >> Satisfy All while testing. >> > > -- > Grüße, > > Wulf Kaiser > ___________________________ > > IT Services - Web & Database Development > Webmaster www.mpimf-heidelberg.mpg.de > > Max-Planck-Institut für medizinische Forschung > Jahnstrasse 29 - 69120 Heidelberg > Fon +49 6221 486560 Fax +49 6221 486561 > > SHA1 Fingerprint: > 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17 > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|