What is the meaning of "declining to authorise" showing in error_log?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: What is the meaning of "declining to authorise" showing in error_log?
From: Chee Yang Chau <cychau@xxxxxxxxx>
Date: Sat, 11 Sep 2010 11:43:39 +0800
Reply-to: users@xxxxxxxxxxxxxxxx

Hi,

I am using Apache HTTPD 2.2.4 release 4 in Fedora Core 4. I am trying to protect a cgi-bin folder using LDAP authentication from a OpenLDAP directory server.

Here is my configuration in httpd.conf:

AuthType Basic

AuthName "CVSweb"

AllowOverride None

Options None

Order deny,allow

Allow from all

AuthBasicProvider ldap

AuthzLDAPAuthoritative off

AuthLDAPURL ldap://ldap.estream.com.my/ou=engineer,dc=example,dc=com,dc=my?uid?sub?(ob

jectclass=posixAccount)

Require valid-user

</Directory>

When I attempt to access a cgi from cgi-bin via web browser, An usual user/password dialog prompt and I able to access the cgi after enter correct user/password information.

However, when I look into the error_log, I found this:

[root@bee httpd]# less error_log

[Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(376): [client 192.168.0.126] [22429]

auth_ldap authenticate: using URL ldap://ldap.estream.com.my/ou=engineer,dc=estream,dc=com

,dc=my?uid?sub?(objectclass=posixAccount)

[Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(475): [client 192.168.0.126] [22429]

auth_ldap authenticate: accepting ccy

[Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(842): [client 192.168.0.126] [22429]

auth_ldap authorise: declining to authorise

There is a "declining to authorise" showing in the error_log, but it seems weird as I able to access my cgi using correct user/password pair. Does anyone know what it means?

My openldap service is host in Fedora Core 13 with SELINUX disable, the /etc/nsswitch.conf has been patched to disable sssd authentication:

passwd: files ldap #sss

shadow: files ldap #sss

group: files ldap #sss

My openldap service is able to handle STARTTLS connection and it is working for another 3 samba servers in my network.

--
Best regards,
Chau Chee Yang

E Stream Software Sdn Bhd
URL: www.sql.com.my
SQL Financial Accounting

Follow-Ups:
- Re: What is the meaning of "declining to authorise" showing in error_log?
  - From: Eric Covener

Prev by Date: Re: Upgrade 1.3.12 -> 2.2.16: Reverse Proxy issues [WAS: Jserv issue ???]
Next by Date: Re: What is the meaning of "declining to authorise" showing in error_log?
Previous by thread: Http trailers
Next by thread: Re: What is the meaning of "declining to authorise" showing in error_log?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]