Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-12-19 Thread Eric Covener
On Wed, Oct 2, 2013 at 1:53 PM, tguadagno  wrote:
> actually, that approach was deprecated in 2.3 (i think), you can do that in
> 2.2.  the replacement was supposed to be aliasing

Multiple hostnames was not deprecated. They're just passed to the LDAP
SDK, not managed by Apache.


Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
please chime in, on this bug

https://issues.apache.org/bugzilla/show_bug.cgi?id=55622




--
View this message in context: 
http://apache-http-server.18135.x6.nabble.com/Is-AuthnProviderAlias-subtly-broken-in-2-4-tp5008056p5009073.html
Sent from the Apache HTTP Server - Dev mailing list archive at Nabble.com.


Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
actually, that approach was deprecated in 2.3 (i think), you can do that in
2.2.  the replacement was supposed to be aliasing





Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread Eric Covener
You c

On Wed, Oct 2, 2013 at 1:40 PM, tguadagno  wrote:
> hi, thanks for the update.  is there any way to get ldap redundancy without
> aliasing? i thought not.

You can put multiple hostnames in one AuthLDAPURL.  TBH I'm not sure
those aliases permit two different AuthLDAPURL's combined that way.


Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
hi, thanks for the update.  is there any way to get ldap redundancy without
aliasing? i thought not.





Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread Mikhail T.
02.10.2013 09:59, tguadagno wrote:
> hi, i am having the same issue, have you figured out a fix yet?
Nope... I rewrote the config replicating in multiple places the details,
that were neatly "aliased" in 2.2

-mi



Re: Is AuthnProviderAlias subtly broken in 2.4?

2013-10-02 Thread tguadagno
hi, i am having the same issue, have you figured out a fix yet?





Is AuthnProviderAlias subtly broken in 2.4?

2013-08-21 Thread Mikhail T.

Hello!

We had the auth setup under 2.2, that used two AuthnProviderAlias-blocks -- one 
for LDAP and one for a handful of local user-accounts not known to the Active 
Directory:


   
   <AuthnProviderAlias ldap CorpAD>
      AuthLDAPBindDN "cn=foo,ou=bar,ou=Enterprise Applications,dc=corp,dc=ad,dc=example,dc=com"
      AuthLDAPBindPassword "secret"
      AuthLDAPURL "ldaps://corp.ad.example.com:3269/dc=corp,dc=ad,dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"
      AuthLDAPRemoteUserAttribute sAMAccountName
   </AuthnProviderAlias>

   <AuthnProviderAlias file AdminFile>
      AuthUserFile '/data/servers/apache-scm/conf/admin.passwd'
   </AuthnProviderAlias>

The actual usage of the above was thus:

   AuthType Basic
   AuthName "Who are you?"
   AuthBasicProvider AdminFile CorpAD
   Require valid-user

The config is currently working on our production server, but I'm trying to 
upgrade the dev-server to 2.4.6. Unfortunately, the 2.4.6 kept rejecting me -- 
without even trying to perform an LDAP query (LogLevel is set to trace3):


    AH01618: user mikhail not found: /foo/...
    auth phase 'check user' gave status 401: /foo/
    Response sent with status 401

Bewildered, I decided to forgo the provider-aliasing, and simply copied both the 
LDAP and the file settings into the location. Suddenly things started to work 
properly -- the messages from authnz_ldap appear in the log, the lookups 
succeed, and I'm able to login...


It looks like I am not alone -- someone else has already asked about this on 
users@, but got no replies... Please advise. Yours,


   -mi
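
The workaround described in the original post (file and LDAP settings placed directly in the location instead of behind aliases), combined with the multiple-hostname form of AuthLDAPURL mentioned in the replies, as an added example that is not part of any message in this thread. The `/foo/` location is taken from the log lines in the post; the `dc1` and `dc2` hostnames are constructed.

```apache
# Added example. /foo/ comes from the log lines in the post; dc1/dc2 are
# constructed hostnames standing in for two redundant directory servers.
<Location "/foo/">
    AuthType Basic
    AuthName "Who are you?"

    # Providers are tried in order: local password file first, then LDAP.
    AuthBasicProvider file ldap

    # Local accounts not known to Active Directory.
    AuthUserFile "/data/servers/apache-scm/conf/admin.passwd"

    # Several space-separated hosts in one URL; the whole URL must be quoted.
    AuthLDAPURL "ldaps://dc1.corp.ad.example.com:3269 dc2.corp.ad.example.com:3269/dc=corp,dc=ad,dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "cn=foo,ou=bar,ou=Enterprise Applications,dc=corp,dc=ad,dc=example,dc=com"
    AuthLDAPBindPassword "secret"
    AuthLDAPRemoteUserAttribute sAMAccountName

    Require valid-user
</Location>
```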