apache 2.2 and ldap group authentication

I have been trying to implement group-based authentication using LDAP, but have yet to find the secret. I have been able to implement individual authentication using the “require ldap-user [username]” directive successfully.

Some background information: I am using FreeBSD 7.2, Apache 2.2, and OpenLDAP 2.4. Initially I set up 3 directories for my research and verified that I reached the targeted documents successfully before beginning to implement authentication. Then I implemented the ldap-user authentication successfully on one directory.

Back to my challenge with group authentication: Here is the output of the LDAP search “ldapsearch -x -W -D 'cn=Manager,dc=my,dc=mydomain,dc=com' -v -b 'ou=groups,dc=my,dc=mydomain,dc=com'”:

# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=my,dc=mydomain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# groups, my.mydomain.com
dn: ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: my.mydomain groups
objectClass: organizationalUnit

# SuperTeam, groups, my.mydomain.com
dn: cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: People who are employees of Super Team
uniqueMember: uid=jeffshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=maeshearer,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
cn: SuperTeam

# SuperGroup, groups, my.mydomain.com
dn: cn=SuperGroup,ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: People who are employees of Super Group
uniqueMember: uid=jacksonshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=larryfordham,dc=my,dc=mydomain,dc=com
uniqueMember: uid=spamimoron,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
cn: SuperGroup

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3


I have tried a number of configurations for group authentication, all without success. Following is the current iteration of my apache configuration for the superteam.docs directory:

<Directory /files/superteam.docs>
  AuthType basic
  AuthName "Super Team Members Only"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "cn=Manager,dc=my,dc=mydomain,dc=com"
  AuthLDAPBindPassword "secret"
  AuthLDAPGroupAttribute uniqueMember
  AuthLDAPGroupAttributeIsDN off
  AuthLDAPURL "ldap://192.168.0.92:389/ou=groups,dc=my,dc=mydomain,dc=com?cn=SuperTeam?";
  Require ldap-group cn=SuperTeam,ou=groups
  AllowOverride None
  Order allow,deny
  Allow from all
  Options +Includes
  XbitHack on
</Directory>

Note that I have an alias for /superteam to /files/superteam.docs.

Thanks
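
As an added illustration (not part of the original post, and not Apache's own code), the following Python model shows how mod_authnz_ldap evaluates "Require ldap-group" against the directory listed above: the Require value is taken as the group's DN, and AuthLDAPGroupAttributeIsDN selects whether the user's DN or the bare login name is compared with each uniqueMember value. The function names are hypothetical, the LDIF is constructed from the search output in the post, and each user's entry is assumed to live at the DN shown in uniqueMember.

```python
# Simplified model of the ldap-group comparison (illustration only).
# LDIF below is constructed from the ldapsearch output in the post.
LDIF = """\
dn: cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com
uniqueMember: uid=jeffshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=maeshearer,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames

dn: cn=SuperGroup,ou=groups,dc=my,dc=mydomain,dc=com
uniqueMember: uid=jacksonshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=larryfordham,dc=my,dc=mydomain,dc=com
uniqueMember: uid=spamimoron,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
"""

def norm(dn):
    """Case-fold a DN and drop spaces around commas (rough DN matching)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {lowercased attribute: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[norm(attrs["dn"][0])] = attrs
    return entries

def ldap_group_allows(entries, group_dn, user, user_dn,
                      group_attrs=("uniqueMember",), attr_is_dn=True):
    """Model 'Require ldap-group <group_dn>' for one authenticated user."""
    entry = entries.get(norm(group_dn))
    if entry is None:  # the Require value must be the group's full DN
        return False
    # AuthLDAPGroupAttributeIsDN on -> compare the user's DN; off -> login name
    wanted = norm(user_dn) if attr_is_dn else user.lower()
    return any(wanted == norm(value)
               for attr in group_attrs for value in entry.get(attr.lower(), []))

if __name__ == "__main__":
    e = parse_ldif(LDIF)
    dn = "uid=jeffshearer,dc=my,dc=mydomain,dc=com"  # assumed user DN
    group = "cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com"
    for is_dn in (True, False):
        print("IsDN", is_dn, ldap_group_allows(e, group, "jeffshearer", dn, attr_is_dn=is_dn))
    print("short DN", ldap_group_allows(e, "cn=SuperTeam,ou=groups", "jeffshearer", dn))
```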
