Have you, anywhere higher up in your configuration, specified AllowOverride AuthConfig? If I don't do that then my .htaccess files don't work no matter what is in them. Perhaps even when doing it in the main config, it requires the same allowance. -----Original Message----- From: Wulf Kaiser [mailto:wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 09, 2009 9:15 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: mod_authnz_ldap not working? Hi Lars, thnax for your help, but... i tried: <Location /etc/misc/downloads/disk_install> Order deny,allow Deny from All AuthName "Download Area - Disk Images" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://ldap.mydomain.de:389/dc=mydomain,dc=de?cn,userPassword,memberUid,memb er,gidNumber?sub?(&(objectClass=posixGroup)(gidNumber=915)) Require valid-user Satisfy any </Location> according to your configuration. Again no attempt from mod_authnz_ldap to query LDAP, access is still granted, no log entries ;-(((( Weird. - Wulf Lars schrieb: > Hi > > I have just gone trough the process of setting up ldapz. Here is my > working configuration, maybe you can use some of it... ? > I have used it in an .htaccess file, but it should not be much difference. > Note: This is for microsoft AD, so you should not need to define that > weird port.. > > <FilesMatch ^network> > Order deny,allow > Deny from All > AuthName "Only IT" > AuthType Basic > AuthBasicProvider ldap > AuthzLDAPAuthoritative off > AuthLDAPURL "ldap://ldap:3268/OU=RR,DC=ad,DC=ourdomain,DC=com?sAMAccountName?sub?(member Of=CN=it_dep,OU=Mailing > lists,OU=RR,DC=ad,DC=ourdomain,DC=com)" > AuthLDAPBindDN "CN=ldapread,OU=Service users,OU=It,DC=ad,DC=ourdomain,DC=com" > AuthLDAPBindPassword pAss_w0rd > Require valid-user > Satisfy any > </FilesMatch> > > > And offcouse you need to: > LoadModule authz_svn_module modules/mod_authz_svn.so > LoadModule ldap_module modules/mod_ldap.so > > > Hope this helps.. > > Regard > Lars > > On Fri, Jan 9, 2009 at 2:00 PM, Wulf Kaiser > <wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >> Hi Eric, >> >> <AuthnProviderAlias ldap group1-access> >> >> ldap://ldap.mydomain.de:389/ou=people,dc=mydomain,dc=de?uid?sub?(objectClass =*) >> </AuthnProviderAlias> >> >> <Location /etc/misc/downloads/disk_install> >> AuthType Basic >> AuthName "Download Area - Disk Images" >> AuthBasicProvider group1-access >> AuthLDAPGroupAttribute memberUid >> AuthLDAPGroupAttribute uniqueMember >> AuthLDAPGroupAttribute member >> Require ldap-group cn=group1,ou=group,dc=mydomain,dc=de >> Prder allow,deny >> Allow from all >> Satisfy All >> </Location> >> >> with the same result: nothing & still ignoring (no log entries) >> >> Eric Covener schrieb: >>> On Fri, Jan 9, 2009 at 7:35 AM, Wulf Kaiser >>> <wulf.kaiser@xxxxxxxxxxxxxxxxxxxxxxx> wrote: >>>> Hi Eric, >>>> >>>> thanks in advance. I tried that by setting >>>> .... >>>> Order deny,allow >>>> Deny from all >>>> Satisfy any >>>> </Directory> >>>> >>>> but without result :-(( >>>> >>>> I am currently tailing -f the httpd error logs in debug mode, and also >>>> the >>>> LDAP logs, but i do not get more out of them then a pain in the eye... >>>> >>>> It really seems as mod_(autnz)_ldap is simply ignored. >>> >>> Any chance you're blowing this config away implicitly by a Location >>> container that matches (with e.g. allow from all?) I would recommend >>> Satisfy All while testing. >>> >> -- >> Grüße, >> >> Wulf Kaiser >> ___________________________ >> >> IT Services - Web & Database Development >> Webmaster www.mpimf-heidelberg.mpg.de >> >> Max-Planck-Institut für medizinische Forschung >> Jahnstrasse 29 - 69120 Heidelberg >> Fon +49 6221 486560 Fax +49 6221 486561 >> >> SHA1 Fingerprint: >> 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17 >> >> > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > -- Grüße, Wulf Kaiser ___________________________ IT Services - Web & Database Development Webmaster www.mpimf-heidelberg.mpg.de Max-Planck-Institut für medizinische Forschung Jahnstrasse 29 - 69120 Heidelberg Fon +49 6221 486560 Fax +49 6221 486561 SHA1 Fingerprint: 6a a7 67 d6 e0 21 d1 59 d1 73 20 fb e8 b4 d9 51 ac aa 6d 17 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx