RE: [EMAIL PROTECTED] grab header to redirect

2006-08-15 Thread Declerck Michael-W30479 
Can you be a bit more specific?
The examples show how to redirect a file access to a specific URL.
I want a specific URL to redirect to a file (a different page than the
DirectoryIndex).

Michael

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua
Slive
Sent: Wednesday, August 09, 2006 10:31 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] grab header to redirect

On 8/9/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:
> Hello,
> Is there a way to grab a header/DNS name using Apache 2.2?
> A little background:
> I have a primary DNS name and a secondary DNS name that maps to the 
> same IP address.
> Right now, my Apache 2.2 configuration redirects the client directly 
> to the index.pl page using the directives:
> 
> DirectoryIndex index.pl
> 
> when the DNS routes the client to my server.
>
> The secondary DNS name will also route to the same IP, thus serving 
> index.pl for the second DNS name as well, which is not what I want to 
> do.
> I have been informed that the secondary DNS name will not change in 
> the browser when it routes to the server.
>
> Is there a way to grab this DNS name (would this be found as a 
> header?) and redirect the client based on what that name is?
> I have a little bit of experience with mod_rewrite, but that 
> experience is nominal at best.

Sounds like you are looking for:
http://httpd.apache.org/docs/1.3/misc/FAQ.html#canonical-hostnames

Joshua.

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] grab header to redirect

2006-08-09 Thread Declerck Michael-W30479 
Hello,
Is there a way to grab a header/DNS name using Apache 2.2?
A little background:
I have a primary DNS name and a secondary DNS name that maps to the same
IP address.
Right now, my Apache 2.2 configuration redirects the client directly to
the index.pl page using the directives:

DirectoryIndex index.pl

when the DNS routes the client to my server.
 
The secondary DNS name will also route to the same IP, thus serving
index.pl for the second DNS name as well, which is not what I want to
do.
I have been informed that the secondary DNS name will not change in the
browser when it routes to the server.
 
Is there a way to grab this DNS name (would this be found as a header?)
and redirect the client based on what that name is?
I have a little bit of experience with mod_rewrite, but that experience
is nominal at best.
 
Any help or advice is appreciated,
Michael DeClerck

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Unlock Your Mind's Hidden Power, Today...

2006-08-07 Thread Declerck Michael-W30479 
Are you serious? 

-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of John
Sent: Sunday, August 06, 2006 8:36 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Unlock Your Mind's Hidden Power, Today...

www.HumanDataTransfer.com  great information.

---
MAF Anti-Spam ID: 20060801082756H1v3CkI2




-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] LDAP auth: Internal Server Error

2006-08-04 Thread Declerck Michael-W30479 
I think I've got something:
http://httpd.apache.org/docs/2.2/mod/mod_ldap.html under OpenLDAP SDK
states that I need to have the directive 
LDAPTrustedGlobalCert to be specified in order for it to work.
..After trying this with my SSL certifiacte I still have the same
problem.
Is there a special LDAP sertifiacte that I need for this to work?  

-Original Message-
From: Mika Borner [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 04, 2006 9:11 AM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] LDAP auth: Internal Server Error

>I downloaded ans installed OpenLDAP v2.3.24 from source. I'm not sure
if
>that came with an SDK...
>I don't see any SDK's on the OpenLDAP download website. 
>Where could I get an SDK?

I haven't touched OpenLDAP lately, but I guess it is somewhere in the
source tree of the tar-ball.

For our novell-sdk i used following apache options:

"--with-ldap" \
"--with-ldap-dir=/u00/appl/novell-cldap" \ "--enable-ldap" \
"--with-ldap-lib=/u00/appl/novell-cldap/lib" \
"--with-ldap-include=/u00/appl/novell-cldap/include"

Just set the path to your openldap source tree. If it is correct it
should find the sdk. Of course it is possible that your apache instance
is already compiled with the openldap sdk. Depends on your operating
system. You can check this e.g. in the error log. 





-
This message is intended for the addressee only and may contain
confidential or privileged information. If you are not the intended
receiver, any disclosure, copying to any person or any action taken or
omitted to be taken in reliance on this e-mail, is prohibited and may be
un- lawful. You must therefore delete this e-mail.
Internet communications may not be secure or error-free and may contain
viruses. They may be subject to possible data corruption, accidental or
on purpose. This e-mail is not and should not be construed as an offer
or the solicitation of an offer to purchase or subscribe or sell or
redeem any investments.

-


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] LDAP auth: Internal Server Error

2006-08-04 Thread Declerck Michael-W30479 
 
In my previous message, I included the errors that I have been
experiencing:

[Thu Aug 03 11:00:20 2006] [error] Internal error: pcfg_openfile()
called with NULL filename 
[Thu Aug 03 11:00:20 2006] [error] [client 10.22.62.15] (9)Bad file
descriptor: Could not open password file: (null)

These errors do not seem to point to an SDK issue.
But my inexperience with Apache preceeds me.

-Original Message-
From: Mika Borner [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 04, 2006 9:11 AM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] LDAP auth: Internal Server Error

>I downloaded ans installed OpenLDAP v2.3.24 from source. I'm not sure
if
>that came with an SDK...
>I don't see any SDK's on the OpenLDAP download website. 
>Where could I get an SDK?

I haven't touched OpenLDAP lately, but I guess it is somewhere in the
source tree of the tar-ball.

For our novell-sdk i used following apache options:

"--with-ldap" \
"--with-ldap-dir=/u00/appl/novell-cldap" \ "--enable-ldap" \
"--with-ldap-lib=/u00/appl/novell-cldap/lib" \
"--with-ldap-include=/u00/appl/novell-cldap/include"

Just set the path to your openldap source tree. If it is correct it
should find the sdk. Of course it is possible that your apache instance
is already compiled with the openldap sdk. Depends on your operating
system. You can check this e.g. in the error log. 





-
This message is intended for the addressee only and may contain
confidential or privileged information. If you are not the intended
receiver, any disclosure, copying to any person or any action taken or
omitted to be taken in reliance on this e-mail, is prohibited and may be
un- lawful. You must therefore delete this e-mail.
Internet communications may not be secure or error-free and may contain
viruses. They may be subject to possible data corruption, accidental or
on purpose. This e-mail is not and should not be construed as an offer
or the solicitation of an offer to purchase or subscribe or sell or
redeem any investments.

-


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] LDAP auth: Internal Server Error

2006-08-04 Thread Declerck Michael-W30479 
 
I downloaded ans installed OpenLDAP v2.3.24 from source. I'm not sure if
that came with an SDK...
I don't see any SDK's on the OpenLDAP download website. 
Where could I get an SDK?

-Original Message-
From: Mika Borner [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 04, 2006 12:29 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] LDAP auth: Internal Server Error

Hi.

>I get a authentication pop-up box from the LDAP server.
>After I authenticate, however, I get an Internal Server Error on the 
>page and these two errors in my error log:

I found that several internal server errors come from using a wrong LDAP
SDK. Are you sure your apache instance's included LDAP SDK matches your
LDAP Directory Server Brand?

Sorry, can't help any further...







-
This message is intended for the addressee only and may contain
confidential or privileged information. If you are not the intended
receiver, any disclosure, copying to any person or any action taken or
omitted to be taken in reliance on this e-mail, is prohibited and may be
un- lawful. You must therefore delete this e-mail.
Internet communications may not be secure or error-free and may contain
viruses. They may be subject to possible data corruption, accidental or
on purpose. This e-mail is not and should not be construed as an offer
or the solicitation of an offer to purchase or subscribe or sell or
redeem any investments.

-


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] LDAP auth: Internal Server Error

2006-08-03 Thread Declerck Michael-W30479 
I want to allow only certain users to authenticate themselves against an
LDAP server.
This authentication is only for a folder on my document root.
I am using Apache2.2.2.

I get a authentication pop-up box from the LDAP server.
After I authenticate, however, I get an Internal Server Error on the
page and these two errors in my error log:
[Thu Aug 03 11:00:20 2006] [error] Internal error: pcfg_openfile()
called with NULL filename
[Thu Aug 03 11:00:20 2006] [error] [client 10.22.62.15] (9)Bad file
descriptor: Could not open password file: (null)

Does anyone know what pcfg_openfile() is? Does that have something to do
with .htpasswd?
Here is my LDAP configuration:


# Enable the LDAP connection pool and shared memore cache
LDAPsharedCacheSize 20
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

# Enable the LDAP cache status handler.


   SetHandler ldap-status
   Order deny,allow
   Deny from all
   Allow from all
   AuthType Basic
   AuthName "Applications Directory Authentication"
   AuthLDAPURL
ldap://ids.mot.com/ou=people,ou=intranet,dc=mot,dc=com?uid
   AuthzLDAPAuthoritative on
   require user w30479


# Enable LDAP authentication on "auth" directory

   Order allow,deny
   Options FollowSymLinks
   AllowOverride None
   Allow from all
   AuthType Basic
   AuthName "Enter Your Applications Directory Password"
   AuthLDAPURL
ldap://ids.mot.com:389/ou=people,ou=intranet,dc=mot,dc=com?motguid
   require ldap-user rlvh30 wlkw03 w16993

 

What I really want to do is authenticate over SSL, which I have
activated on the "default" virtual host.
I have tried the secure ldap server (ldaps://) but I have the same
error.

Any advice is appreaciated,
Michael DeClerck

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

2006-08-03 Thread Declerck Michael-W30479 
Thank you for all the help!
I decided to download all my js and css sources on to the website and
src them appropriately with the https:// prefix.
This deleted the 'partial encryption' in Firefox, and I also get the
little lock down in the IE status bar (oh yay!).

However, I still have a bunch of images src'ed with http:// from the
intranet standards web server (which does not support SSL).
So IE asks the client, "There are both secure and non-secure items on
this page. Do you want to display the non-secure items?", and when "No"
is clicked, all the images are broken appropriately.

What would the advantage be of downloading all the http:// src'ed images
on to my server besides not having that pop-up in IE?
Can images be hacked to do malicious things? 
In other words, what sort of security am I compromising by src'ing the
images off an unencrypted server?

Again thank you for your advice,
Michael DeClerck



From: Graeme Walker [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 02, 2006 9:50 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL


If there are any page resources, other than links to other websites etc
then this will cause the page to be partially secured, since these are
not https resources i.e. are not using a secure socket.


On 8/2/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote: 

Under 'view page info' then 'links' I have about nine different
http://
links, but most of them lead away from my site.
One of links is a form submission to an intranet search database
(I have
to include that because of intranet standards), and the
javascript for 
that searching function is sourced from another site on the
intranet.

I have a rewrite rule that transfers all http:// requests to
https://,
but I had all my site links changed anyway.
What does the linking have to do with the partially encrypted
message? 
And could external javascript sourcing cause a hole in the SSL
encryption?

-Original Message-
From: Richard Collyer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 02, 2006 5:25 AM 
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL


    On Wed, August 2, 2006 10:11 am, Vincent Bray wrote:
> On 8/1/06, Declerck Michael-W30479 < [EMAIL PROTECTED]>
wrote:
>> Any advice?
>> Does this sound like Firefox brokenness?
>> I would assume that it is my configuration that is the
problem. 
>
> Is this just a case of having media or frames linked in to
your page
> via http:// links?

Right click --> view page info.

Search for the media that is linked by http:// and not https:// 

Cheers
Richard



-
The official User-To-User support forum of the Apache HTTP
Server
Project.
See http://httpd.apache.org/userslist.html
<http://httpd.apache.org/userslist.html> > for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest:
[EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



- 
The official User-To-User support forum of the Apache HTTP
Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> 
For additional commands, e-mail: [EMAIL PROTECTED]





-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] problem while accessing a executable using apache2.0.48 server

2006-08-03 Thread Declerck Michael-W30479 
> I have given the permissions as  rwxrwxrwx and
> tried. Then also its giving the same problem.

Who owns the executable?
I am by no means an Apache expert, but you may want to play around with
the user and group ownership.
Most executables are chown'ed and chgrp'ed by root (at least in my
distros bin). 
You could be having issues there...

However, you will see many "premature end of script headers" in my
Apache error_log simply because I use my Apache server to test my web
scripts after I change them :) . That message usually occurs because of
a scripting error.
But you are running an executable, not a perl script, and I see that the
referrer did not give you a line where the error occured.

I would maybe resinstall the program as well.

Just some suggestions,
Michael DeClerck



From: Devireddy, Nagendra Reddy (STSD) [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 02, 2006 11:25 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] problem while accessing a executable using
apache2.0.48 server


 

Hi all, 

I am facing some problem while access a .exe file from the server. 

http://localhost:3444/test.exe   

Its giving the following error : 

Internal Server Error 
The server encountered an internal error or misconfiguration and was
unable to complete your request. 
Please contact the server administrator, [EMAIL PROTECTED] and inform
them of the time the error occurred, and anything you might have done
that may have caused the error.

More information about this error may be available in the server error
log. 
And this is the error message in server log .. 
Premature end of script headers: test.exe, referer:
http://localhost:3444/test.exe   
But I am able to run that exe from command line. Its generating correct
output. I have given the permissions as  rwxrwxrwx and tried. Then also
its giving the same problem.

Can some one help me on this.. 
Thanks in advance .. 

Thanks and Regards, 
Nagendra Reddy. D 


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

2006-08-02 Thread Declerck Michael-W30479 
Under 'view page info' then 'links' I have about nine different http://
links, but most of them lead away from my site.
One of links is a form submission to an intranet search database (I have
to include that because of intranet standards), and the javascript for
that searching function is sourced from another site on the intranet.

I have a rewrite rule that transfers all http:// requests to https://,
but I had all my site links changed anyway.
What does the linking have to do with the partially encrypted message?
And could external javascript sourcing cause a hole in the SSL
encryption?

-Original Message-
From: Richard Collyer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 02, 2006 5:25 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Firefox - 'partially encrypted' SSL


On Wed, August 2, 2006 10:11 am, Vincent Bray wrote:
> On 8/1/06, Declerck Michael-W30479 <[EMAIL PROTECTED]> wrote:
>> Any advice?
>> Does this sound like Firefox brokenness?
>> I would assume that it is my configuration that is the problem.
>
> Is this just a case of having media or frames linked in to your page 
> via http:// links?

Right click --> view page info.

Search for the media that is linked by http:// and not https://

Cheers
Richard


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Firefox - 'partially encrypted' SSL

2006-08-01 Thread Declerck Michael-W30479 
Hello,
My system is Ubuntu 6.06 and Apache 2.2 with mod_ssl.
I have a problem with Firefox which says that the client-server
interaction is only partially encrypted.
The message from the Firefox says exactly:
 
Connection Partially Encrypted
Parts of the page you are viewing were not encrypted before being
transmitted over the Internet.
Information sent over the Internet without encryption can be seen by
other people while it is in transit.

I installed mod_ssl statically, which gave me the default
conf/extra/httpd-ssl.conf, where ssl is supported by virtual host.
The file httpd-ssl.conf is included in my main httpd.conf.
When I statically installed, Apache modified my httpd.conf file in some
way, but I mistakingly saved over it.
 
One issue might be with a PRNG, because I do not know where I have one
(if I have one, it is not in /dev) in the httpd-ssl.conf.
Here's my httpd-ssl.conf file:

#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512 

Listen 10.22.97.248:443
Listen 10.22.97.248:80
AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog  builtin 
SSLSessionCacheshmcb:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
 
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
 

#   General setup for the virtual host
DocumentRoot "/usr/local/apache2/cgi-bin"
ServerName panicrepository.am.mot.com:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
 
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
#   Server Certificate:
SSLCertificateFile
/usr/local/openssl/certs/panicrepository.am.mot.com.cert

SSLCertificateKeyFile
/usr/local/openssl/private/panicrepository.am.mot.com.key
 

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

BrowserMatch ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache2/logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 




Any advice?
Does this sound like Firefox brokenness?
I would assume that it is my configuration that is the problem.

Michael DeClerck

-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Reg. Permissions problem

2006-08-01 Thread Declerck Michael-W30479 
>  Can i configure the Webserver to run as userID dts. 

You can configure the web server to run as whomever you choose.
You can change the user and group within the  directive, with 'User ' and 'Group '.
I am using Apache2.2 though.


-Original Message-
From: vivek k [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 01, 2006 1:15 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Reg. Permissions problem

Hi All,
  I am Vivek. I am faced with a problem regarding an applications which
runs under Redhat Linux.
   
  The application userid is dts and groupid being dtsprod. The Apache
server httpd runs as wwwsvr and when it tries to execute the application
this application creates a log file wth userid dts and groupid as dtprod
in the /tmp directory.
   
  rw_r__r__   dts  dtsprod  appexec.log
   
  When the Apache server tries to modify the file it is gving permission
denied error in the error_log file.
   
  Is there a way of solving this problem ? Can i configure the Webserver
to run as userID dts. 
   
Regards,
Vivek


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-31 Thread Declerck Michael-W30479 
Elaine,
Thank you for your help!

I had already installed Apache once without any modules, so I had
apr-utils installed.
I had been trying to compile and recompile apr-utils because of all the
errors having to do with apr-utils, but was unsuccessful every time.
One problem I had was that apr-utils was being extremely particular
about it's install directory.
In any directory other than /usr/local/apache2, or /usr/local/httpd-apr
and /usr/local/httpd-apr-utils, I would get a complaint stating
explicitly that it could not be installed in my
/home/userName/apache2.2.2 directory.
This complaint/error would occur during the 'make install' process
 
This is was the case, becasue I was using the --prefix to try to install
over my previous Apache install in my home directory.
 
The second problem was those two missing flags, thank you for pointing
me to those otherwise I would have never solved this issue!
--with-ldap-lib=/usr/local/lib and
--with-ldap-include=/usr/local/include.
 
Once you told me about those flags, I started over completely: I went to
a fresh environment with none of my previous env variables set, and
tarred Apache again into a new source directory.
I used those two flags plus all the previous flags:--prefix=(home
directory location) --enable-ldap, --enable-authnz-ldap, --with-ldap,
and also --enable-ssl.
 
The only problem I had then was the apr-utils message which complained
during the 'make install' process just as it had done before.
I took away the prefix flag, allowing Apache to install in the default
location: /usr/local/apache2. 
Result: 0 errors! I checked httpd -l and all the modules are there.
 
I have a few questions about your entry below:

> "./configure" \
> "--prefix=/www/httpd_2.2.2" \
> "--enable-so" \
> "--enable-ssl=shared" \
> "--with-ssl=/usr/local/ssl-httpd2" \
> "--enable-ldap" \
> "--enable-authnz-ldap" \
> "--with-ldap-lib=/usr/local/lib" \
> "--with-ldap-include=/usr/local/include" \
> "--with-ldap" \

What is the --enable-so flag for?
Is the --with-ssl flag pointing to the ssl libraries?
Why is --enable-ssl set to shared? Does that have something to do with
DSO?

Again, thank you very much for your help Elaine,
Micahel DeClerck



From: elaine [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 28, 2006 3:03 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2



Declerck Michael-W30479 wrote:


I tried the extra --with-ldap-include and --with-ldap-lib flags,
but I get the same error.
Do you think this may have to do with the environment variables
CPPFLAGS, CFLAGS, LDFLAGS, and or LD_LIBRARY_PATH?
See my previous message for what they are set to
(LD_LIBRARY_PATH is set to
/directory/of/previous/apache/install/lib:${LD_LIBRARY_PATH}).
 
I have been trying to do the apr-util recompile as listed on the
http://httpd.apache.org/docs/2.2/install.html page.
The first step on the site (see link above) which is to compile
apr, it compiles _very quickly_ (the make lasts about two lines). 
Otherwise, this first step compiles without incident into the
previous Apache install folder in my home directory.

I know two ways to solve this problem. I hope them would be useful for
you. 

1)  The first is using bundled apr and apr-util. It means that your
system can't have any
previous apr and apr-util installation in /usr/local (default
installation). If you have, you need to rename them.
After this, you can use all the flags that I've suggested. I recommend
to use "make clean" and "make distclean"
before the new build process.

Below,  my config.nice for example. How to use bundled apr/apr-util :


#! /bin/sh
#
# Created by configure

"./configure" \
"--prefix=/www/httpd_2.2.2" \
"--enable-so" \
"--enable-ssl=shared" \
"--with-ssl=/usr/local/ssl-httpd2" \
"--enable-ldap" \
"--enable-authnz-ldap" \
"--with-ldap-lib=/usr/local/lib" \
"--with-ldap-include=/usr/local/include" \
"--with-ldap" \
"$@"

Note that the three last flags tell to apr/apr-util where are the ldap
libraries :

"--with-ldap-lib=/usr/local/lib" \
"--with-ldap-include=/usr/local/include" \
"--with-ldap" \

2) The second way is using external apr and apr-util installation. In
this case, you can download apr/apr-util
(http://apr.apache.org/download.cgi), or use the bundled sources. I've
been used  the second and followed
the same document at http://httpd.apache.org/docs/2.2/install.html.
Remember that you need apr/apr-util >=
1.2 to apache 2.2.2.

Below,  the three steps that I've been used to install in this way :

a) Build and install apr 1.2 :

# cd /usr/local/src/http

RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-28 Thread Declerck Michael-W30479 



Update:
 
I went to a clean environment shell and tried Elaine's 
suggestions. The Apache installed successfully!
 
However, there was one condition during the install: I 
could not install Apache into it's original home directory 
location.
I had to install it in 
/usr/local/apache2.
 
Everytime I treid to install in the old location, I would 
get an erro saying "libtool will only install apr into a directory ending in 
/usr/local/apache2//lib".
I tried recompiling apr into my home 
directory using the steps on the http://httpd.apache.org/docs/2.2/install.html page, 
and I got the same error as above. 
I tried using the --with-apr and --with-apr-util flags 
pointing to my original install in the home directory, but that only caused 
errors in the make.
 
Thus, I have apache installed in two places on my machine 
(oh double the fun!).
Does anyone know if the modules I installed will be 
availabe to both installs?
 
Any advice is appreciated,
Micahel


From: Declerck Michael-W30479 Sent: 
Friday, July 28, 2006 11:10 AMTo: 
users@httpd.apache.orgSubject: RE: [EMAIL PROTECTED] mod_authnz_ldap for 
2.2.2

I tried the extra --with-ldap-include and --with-ldap-lib 
flags, but I get the same error.
Do you think this may have to do with the environment 
variables CPPFLAGS, CFLAGS, LDFLAGS, and or LD_LIBRARY_PATH?
See my previous message for what they are set to 
(LD_LIBRARY_PATH is set to 
/directory/of/previous/apache/install/lib:${LD_LIBRARY_PATH}).
 
I have been trying to do the apr-util recompile as listed 
on the http://httpd.apache.org/docs/2.2/install.html page.
The first step on the site (see link above) which is 
to compile apr, it compiles _very quickly_ (the make lasts about two lines). 

Otherwise, this first step compiles without incident 
into the previous Apache install folder in my home 
directory.
 
The second step apr-util configuration runs without 
incident, but during the make I get the following error:
 
libtool: install: error: cannot install `libaprutil-1.la' 
to a directory not ending in /directory/of/previous/apache/install//libmake: 
*** [install] Error 1
despite the prefix flag being set to 
/directory/of/previous/apache/install, it seems like it is looking somewhere 
else. But I don't know how to tell.
I'm thinking that I should have never compiled Apache the 
first time with a prefix, I have a feeling this has not helped my 
problems.
 
So I tried to compile apache again (with all your suggested 
flags below) without the prefix. I experienced the same apr library errors 
during the make as listed in my previous email.
Again, I am not sure if this has anything to do with the 
environment variables I have set, to tell you the truth I am not really sure 
when or when not to use them.
The problems seem to pile on top of 
themselves.
 
I thank you for your response, if you have any further 
advice I am grateful to hear it.


From: elaine [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 28, 2006 8:12 AMTo: 
users@httpd.apache.orgSubject: Re: [EMAIL PROTECTED] mod_authnz_ldap for 
2.2.2
Michael,Do you have any previous apr installation ? If 
you don't have, try to use the bundled apr and apr-util that comes with the 
apache httpd source releases. To do this, you need to include these options 
into your apache configuration:--enable-ldap
--enable-authnz-ldap
--with-ldap-lib=/usr/local/lib
--with-ldap-include=/usr/local/include
--with-ldap

Regards,
Elaine
Declerck Michael-W30479 wrote:
My current situation of mod_authnz_ldap is still not good.

The issue was the ldap libraries which I had downloaded from the
OpenLDAP source.
The libraries were being installed in /usr/local/lib.
I had to point LDFLAGS to -L/usr/local/lib, and CPPFLAGS and CFLAGS to
-I/usr/local/include.
The Apache configure had no errors with these environment variables.

Unfortunately,
I get these errors during the Apache make:
server/.libs/libmain.a(exports.o):(.data+0xe48): undefined reference to
`apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o):(.data+0xe4c): undefined reference to
`apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o):(.data+0xe50): undefined reference to
`apr_ldap_init'
server/.libs/libmain.a(exports.o):(.data+0xe54): undefined reference to
`apr_ldap_info'
server/.libs/libmain.a(exports.o):(.data+0xe58): undefined reference to
`apr_ldap_get_option'
server/.libs/libmain.a(exports.o):(.data+0xe5c): undefined reference to
`apr_ldap_set_option'
server/.libs/libmain.a(exports.o):(.data+0xe60): undefined reference to
`apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o):(.data+0xe64): undefined reference to
`apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o):(.data+0xe68): undefined reference to
`apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o):(.data+0xe6c): undefined reference to
`apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o):(.data+0xe70): undefined reference to
`

RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-28 Thread Declerck Michael-W30479 



I tried the extra --with-ldap-include and --with-ldap-lib 
flags, but I get the same error.
Do you think this may have to do with the environment 
variables CPPFLAGS, CFLAGS, LDFLAGS, and or LD_LIBRARY_PATH?
See my previous message for what they are set to 
(LD_LIBRARY_PATH is set to 
/directory/of/previous/apache/install/lib:${LD_LIBRARY_PATH}).
 
I have been trying to do the apr-util recompile as listed 
on the http://httpd.apache.org/docs/2.2/install.html page.
The first step on the site (see link above) which is 
to compile apr, it compiles _very quickly_ (the make lasts about two lines). 

Otherwise, this first step compiles without incident 
into the previous Apache install folder in my home 
directory.
 
The second step apr-util configuration runs without 
incident, but during the make I get the following error:
 
libtool: install: error: cannot install `libaprutil-1.la' 
to a directory not ending in /directory/of/previous/apache/install//libmake: 
*** [install] Error 1
despite the prefix flag being set to 
/directory/of/previous/apache/install, it seems like it is looking somewhere 
else. But I don't know how to tell.
I'm thinking that I should have never compiled Apache the 
first time with a prefix, I have a feeling this has not helped my 
problems.
 
So I tried to compile apache again (with all your suggested 
flags below) without the prefix. I experienced the same apr library errors 
during the make as listed in my previous email.
Again, I am not sure if this has anything to do with the 
environment variables I have set, to tell you the truth I am not really sure 
when or when not to use them.
The problems seem to pile on top of 
themselves.
 
I thank you for your response, if you have any further 
advice I am grateful to hear it.


From: elaine [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 28, 2006 8:12 AMTo: 
users@httpd.apache.orgSubject: Re: [EMAIL PROTECTED] mod_authnz_ldap for 
2.2.2
Michael,Do you have any previous apr installation ? If 
you don't have, try to use the bundled apr and apr-util that comes with the 
apache httpd source releases. To do this, you need to include these options 
into your apache configuration:--enable-ldap
--enable-authnz-ldap
--with-ldap-lib=/usr/local/lib
--with-ldap-include=/usr/local/include
--with-ldap

Regards,
Elaine
Declerck Michael-W30479 wrote:
My current situation of mod_authnz_ldap is still not good.

The issue was the ldap libraries which I had downloaded from the
OpenLDAP source.
The libraries were being installed in /usr/local/lib.
I had to point LDFLAGS to -L/usr/local/lib, and CPPFLAGS and CFLAGS to
-I/usr/local/include.
The Apache configure had no errors with these environment variables.

Unfortunately,
I get these errors during the Apache make:
server/.libs/libmain.a(exports.o):(.data+0xe48): undefined reference to
`apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o):(.data+0xe4c): undefined reference to
`apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o):(.data+0xe50): undefined reference to
`apr_ldap_init'
server/.libs/libmain.a(exports.o):(.data+0xe54): undefined reference to
`apr_ldap_info'
server/.libs/libmain.a(exports.o):(.data+0xe58): undefined reference to
`apr_ldap_get_option'
server/.libs/libmain.a(exports.o):(.data+0xe5c): undefined reference to
`apr_ldap_set_option'
server/.libs/libmain.a(exports.o):(.data+0xe60): undefined reference to
`apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o):(.data+0xe64): undefined reference to
`apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o):(.data+0xe68): undefined reference to
`apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o):(.data+0xe6c): undefined reference to
`apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o):(.data+0xe70): undefined reference to
`apr_ldap_url_parse'
modules/aaa/.libs/libmod_authnz_ldap.a(mod_authnz_ldap.o): In function
`mod_auth_ldap_parse_url':mod_authnz_ldap.c:(.text+0x1e84): undefined
reference to `apr_ldap_url_parse'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1

I have very little idea of what to do.
Any help at all is appreciated.


-Original Message-
From: Declerck Michael-W30479 
Sent: Thursday, July 20, 2006 2:31 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

Kenneth,
Thank you for the redirect to /usr/lib/apache2/modules/, I was wondering
why none of the modules had the .so extension in the mods-available/
directory.
Upon looking in that folder, I found a mod_auth_ldap.so module which the
link below suggests was replaced by mod_authnz_ldap in the Apache2.2
release.

The documentation said that the most significant change between 2.0 and
2.2 was the authorization modules
(http://httpd.apache.org/docs/2.2/upgrading.html).
I have been searching around in the Ubuntu Dapper servertalk and howto
forums, but have found nothing as yet.

I am going to try to use the mod_auth_ldap.so

RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-27 Thread Declerck Michael-W30479 
My current situation of mod_authnz_ldap is still not good.

The issue was the ldap libraries which I had downloaded from the
OpenLDAP source.
The libraries were being installed in /usr/local/lib.
I had to point LDFLAGS to -L/usr/local/lib, and CPPFLAGS and CFLAGS to
-I/usr/local/include.
The Apache configure had no errors with these environment variables.

Unfortunately,
I get these errors during the Apache make:
server/.libs/libmain.a(exports.o):(.data+0xe48): undefined reference to
`apr_ldap_ssl_init'
server/.libs/libmain.a(exports.o):(.data+0xe4c): undefined reference to
`apr_ldap_ssl_deinit'
server/.libs/libmain.a(exports.o):(.data+0xe50): undefined reference to
`apr_ldap_init'
server/.libs/libmain.a(exports.o):(.data+0xe54): undefined reference to
`apr_ldap_info'
server/.libs/libmain.a(exports.o):(.data+0xe58): undefined reference to
`apr_ldap_get_option'
server/.libs/libmain.a(exports.o):(.data+0xe5c): undefined reference to
`apr_ldap_set_option'
server/.libs/libmain.a(exports.o):(.data+0xe60): undefined reference to
`apr_ldap_is_ldap_url'
server/.libs/libmain.a(exports.o):(.data+0xe64): undefined reference to
`apr_ldap_is_ldaps_url'
server/.libs/libmain.a(exports.o):(.data+0xe68): undefined reference to
`apr_ldap_is_ldapi_url'
server/.libs/libmain.a(exports.o):(.data+0xe6c): undefined reference to
`apr_ldap_url_parse_ext'
server/.libs/libmain.a(exports.o):(.data+0xe70): undefined reference to
`apr_ldap_url_parse'
modules/aaa/.libs/libmod_authnz_ldap.a(mod_authnz_ldap.o): In function
`mod_auth_ldap_parse_url':mod_authnz_ldap.c:(.text+0x1e84): undefined
reference to `apr_ldap_url_parse'
collect2: ld returned 1 exit status
make[1]: *** [httpd] Error 1

I have very little idea of what to do.
Any help at all is appreciated.


-Original Message-
From: Declerck Michael-W30479 
Sent: Thursday, July 20, 2006 2:31 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

Kenneth,
Thank you for the redirect to /usr/lib/apache2/modules/, I was wondering
why none of the modules had the .so extension in the mods-available/
directory.
Upon looking in that folder, I found a mod_auth_ldap.so module which the
link below suggests was replaced by mod_authnz_ldap in the Apache2.2
release.

The documentation said that the most significant change between 2.0 and
2.2 was the authorization modules
(http://httpd.apache.org/docs/2.2/upgrading.html).
I have been searching around in the Ubuntu Dapper servertalk and howto
forums, but have found nothing as yet.

I am going to try to use the mod_auth_ldap.so and see how the Apache
takes it.
I will let you know what happens Kenneth.

If anyone has found anywhere to download standard 2.2 modules such as
mod_auth_basic, mod_authn_file, mod_authz_user, mod_authz_groupfile, and
mod_authnz_ldap please let me know. 
Your help is always appreciated.

Michael DeClerck

-Original Message-
From: Kenneth Stueflotten Svee [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 20, 2006 3:43 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

[ Declerck Michael-W30479 ]

> Hello,
> I installed Apache2.2.2 several weeks ago on my Ubuntu Linux machine 
> (which is similar to Debian), and also on my Windows XP machine. I 
> went to my /etc/apache2/mods-available/ directory looking for the 
> mod_authnz_ldap package which (according to
> http://httpd.apache.org/docs/2.2/mod/) should be available.

Seems to be an Ubuntu build issue. You should try the Ubuntu-support
features (forums and whatnot).


> However, the mod_authnz_ldap module does not exist in that directory, 
> nor do many other modules which the Apache documentation suggests 
> should exist.

The modules them selves are found (on my Ubuntu Dapper) in
/usr/lib/apache2/modules/, and haven't found any mod_authnz_ldap.so
either. The module is however not enabled by default when compiling
Apache2.2, so it may be it's available as an addon, but a quick
apt-cache search did not reveal anything. Again, try the Ubuntu forum.


Rgds,
Kenneth Svee

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project

RE: [EMAIL PROTECTED] Perl data-file

2006-07-27 Thread Declerck Michael-W30479 
Just an update of my current case with Perl data-files.

I decided that suEXEC is a bit too advanced for me.
Instead, I created a folder with sufficient permissions outside the
document root to write/create/store the data-files.
I wonder how much a security risk this is compared to suEXEC.

The only reason I decided not to use it is because the documentation
warned of serious security issues if it was used improperly.
Again, I am not the expert in the stuff, but thank you for your
suggestion anyway.

-Original Message-
From: Declerck Michael-W30479 
Sent: Wednesday, July 26, 2006 6:12 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] Perl data-file

You are awesome. Thank you very much. 

-Original Message-
From: Richard de Vries [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 26, 2006 6:04 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Perl data-file

Sounds like something fo suexec

http://httpd.apache.org/docs/2.2/suexec.html

--- Declerck Michael-W30479 <[EMAIL PROTECTED]>
wrote:

> Hello,
> I have a problem with an Apache version 2.2 server running a Perl 
> script on an Ubuntu 6.06 machine that creates and appends a data-file.
> Currently, the data-file exists one folder deep in the document root.
> Apache clients run as the user daemon in group daemon.
> When the data-file is created, the file ownership and group is set to 
> daemon.
> The problem with this is that every Apache client runs as daemon, and 
> could simply guess the folder and data-file name, thus displaying 
> sensitive information (like contact information of other client's
> input) that they shouldn't be able to see.
>  
> I tried modifying the Perl script to put the file in another folder 
> outside of the Apache root directory, fortunately Apache denies 
> permission to all folders outside the document root(with the right 
> configuration).
>  
> The client should be able to view the index page, input data, and run 
> the Perl script only.
> The data-file should only be modifiable by the Perl script, and unable

> to be read, modified, or executed by daemon.
>  
> If you have any advice or tips on this matter, I would truly 
> appreciate your help.
>  
> Michael DeClerck
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] Perl data-file

2006-07-26 Thread Declerck Michael-W30479 
You are awesome. Thank you very much. 

-Original Message-
From: Richard de Vries [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 26, 2006 6:04 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Perl data-file

Sounds like something fo suexec

http://httpd.apache.org/docs/2.2/suexec.html

--- Declerck Michael-W30479 <[EMAIL PROTECTED]>
wrote:

> Hello,
> I have a problem with an Apache version 2.2 server running a Perl 
> script on an Ubuntu 6.06 machine that creates and appends a data-file.
> Currently, the data-file exists one folder deep in the document root.
> Apache clients run as the user daemon in group daemon.
> When the data-file is created, the file ownership and group is set to 
> daemon.
> The problem with this is that every Apache client runs as daemon, and 
> could simply guess the folder and data-file name, thus displaying 
> sensitive information (like contact information of other client's 
> input) that they shouldn't be able to see.
>  
> I tried modifying the Perl script to put the file in another folder 
> outside of the Apache root directory, fortunately Apache denies 
> permission to all folders outside the document root(with the right 
> configuration).
>  
> The client should be able to view the index page, input data, and run 
> the Perl script only.
> The data-file should only be modifiable by the Perl script, and unable

> to be read, modified, or executed by daemon.
>  
> If you have any advice or tips on this matter, I would truly 
> appreciate your help.
>  
> Michael DeClerck
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] Perl data-file

2006-07-26 Thread Declerck Michael-W30479 




Hello,
I have a problem 
with an Apache version 2.2 server running a 
Perl script on an Ubuntu 6.06 machine that creates and appends a data-file.
Currently, the 
data-file exists one folder deep in the document root.
Apache clients run 
as the user daemon in group daemon.
When the data-file 
is created, the file ownership and group is set to daemon.
The problem with 
this is that every Apache client runs as daemon, and could 
simply guess the folder and data-file name, thus displaying sensitive 
information (like contact information of other client's input) that they 
shouldn't be able to see.
 
I 
tried modifying the Perl script to put the file in another folder 
outside of the Apache root directory, fortunately Apache denies permission to 
all folders outside the document root(with the right 
configuration).
 
The client 
should be able to view the index 
page, input data, and run the Perl script only. 
The data-file 
should only be modifiable by the Perl script, and unable to be read, modified, or executed by 
daemon.
 
If you have any advice or tips on this matter, I would truly 
appreciate your help.
 
Michael 
DeClerck

[EMAIL PROTECTED] mod_authnz_ldap static compile

2006-07-24 Thread Declerck Michael-W30479 



I using Ubuntu 6.06 

Does anyone know how 
to define where the LDAP libraries are when compiling the mod_authnz_ldap module 
statically into Apache2.2?
 
I get an error 
"configure: error: could not find an LDAP library".
 
I am using the 
configure line: "./configure --with-ldap --enable-ldap --enable-authnz-ldap 
--prefix=homeDirectory/apache2.2" to recompile Apache2.2.
This is suggested in 
the src/modules/ldap/README.ldap file attached.
 
I installed the 
OpenLDAP utility slapd which came with ldap libraries.
A quick "sudo 
apt-get install libldap2" confirms this.
 
If you have any 
advice or insight at all, please respond.
 
Thanks,
Michael 
DeClerck


README.ldap
Description: README.ldap
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-20 Thread Declerck Michael-W30479 
Kenneth,
Thank you for the redirect to /usr/lib/apache2/modules/, I was wondering
why none of the modules had the .so extension in the mods-available/
directory.
Upon looking in that folder, I found a mod_auth_ldap.so module which the
link below suggests was replaced by mod_authnz_ldap in the Apache2.2
release.

The documentation said that the most significant change between 2.0 and
2.2 was the authorization modules
(http://httpd.apache.org/docs/2.2/upgrading.html).
I have been searching around in the Ubuntu Dapper servertalk and howto
forums, but have found nothing as yet.

I am going to try to use the mod_auth_ldap.so and see how the Apache
takes it.
I will let you know what happens Kenneth.

If anyone has found anywhere to download standard 2.2 modules such as
mod_auth_basic, mod_authn_file, mod_authz_user, mod_authz_groupfile, and
mod_authnz_ldap please let me know. 
Your help is always appreciated.

Michael DeClerck

-Original Message-
From: Kenneth Stueflotten Svee [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 20, 2006 3:43 AM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

[ Declerck Michael-W30479 ]

> Hello,
> I installed Apache2.2.2 several weeks ago on my Ubuntu Linux machine 
> (which is similar to Debian), and also on my Windows XP machine. I 
> went to my /etc/apache2/mods-available/ directory looking for the 
> mod_authnz_ldap package which (according to
> http://httpd.apache.org/docs/2.2/mod/) should be available.

Seems to be an Ubuntu build issue. You should try the Ubuntu-support
features (forums and whatnot).


> However, the mod_authnz_ldap module does not exist in that directory, 
> nor do many other modules which the Apache documentation suggests 
> should exist.

The modules them selves are found (on my Ubuntu Dapper) in
/usr/lib/apache2/modules/, and haven't found any mod_authnz_ldap.so
either. The module is however not enabled by default when compiling
Apache2.2, so it may be it's available as an addon, but a quick
apt-cache search did not reveal anything. Again, try the Ubuntu forum.


Rgds,
Kenneth Svee

-
The official User-To-User support forum of the Apache HTTP Server
Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[EMAIL PROTECTED] mod_authnz_ldap for 2.2.2

2006-07-19 Thread Declerck Michael-W30479 



Hello,
I installed 
Apache2.2.2 several weeks ago on my Ubuntu Linux machine (which is 
similar to Debian), and also on my Windows XP machine.
I went to my 
/etc/apache2/mods-available/ directory looking for the mod_authnz_ldap 
package which (according to http://httpd.apache.org/docs/2.2/mod/) 
should be available.
However, the 
mod_authnz_ldap module does not exist in that directory, nor do many other 
modules which the Apache documentation suggests should 
exist.
I google searched 
mod_authnz_download and found nothing but documentation on how to use 
it.
The Apache2.2.2 
install on my Windows XP machine has the authnz_ldap module, and many other 
modules in the rootDirectory/modules/ folder.
My Ubuntu Linux 
machine contains the single file "httpd.exp" which is full of ap_* and unix_* 
packages.
 
I am assuming that 
the module in question was not installed when Apache was 
installed.
If this is the case, 
where can I download module packages, 
particularly mod_authnz_ldap?
I assumed that the 
Apache UNIX install would work as was intended on Ubuntu, was that an 
incorrect assumption?
 
Michael 
DeClerck