Hallo,
ich stehe hier vor einem trivialen Problem und sehe den Wald vor Bäumen
nicht :-(
Ein interner Webserver soll von außen zugänglich sein, aber nur via
https und mit Authentifizierung.
Der Webserver selber macht weder https noch Authentifizierung, und das
soll auch so bleiben.
Mein Plan: Ein
Hi,
[...]
Location /
AuthName
AuthType basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPUrl
AuthUserFile /dev/null
/Location
ProxyPass / http://intern.example.com/
ProxyPassReverse / http://intern.example.com/
Wäre nett, wenn
On Fri, Feb 27, 2009 at 04:29:40PM +0100, Sascha Kersken wrote:
Wäre nett, wenn jemand die Bäume wegräumen könnte :-)
IMHO fehlt da ganz klar ein Require, und dann müsste das gehen.
Hat mir der Kollege auch gerade ins Ohr geflüstert... Oh Mann, ist das
peinlich...
Rainer
Ed Avis schrieb:
This means that to get the current code working, I must
find the right LDAP search expression to locate users in the Directory.
Yes.
This
might be complicated by the fact that they are under 'WCL users' which contains
a space character.
You mean the DN contains a component
Thanks Anthony! :)
Jitesh
On Thu, 2009-02-26 at 08:55 -0700, Anthony J. Biacco wrote:
“Header unset Accept-Ranges” to not send it or
“Header set Accept-Ranges: none” to specifically set it to none
Fyi, mod_headers module must be loaded.
-Tony
---
Ed Avis wrote:
I don't know what the extra '?cn?sub' at the end of the query string is for
cn means that the attibute to use to login is the CN = common name,
sub means that the query will return all the SUB-entries (as opposed
to 'one' that returns max 1 entry).
[Fri Feb 27 11:26:09 2009]
--- Tony Anecito [Thu, Feb 26, 2009 at 08:57:37PM -0800]: ---
Yes. I mean SSLv2 or SSLv3
a higher level approach would be to check SSLCipherSuite and SSLProtocol
in httpd.con
-
The official User-To-User support forum of the
Davide Bianchi davide at walterisookeensufferukker.nl writes:
I don't know what the extra '?cn?sub' at the end of the query string is for
cn means that the attibute to use to login is the CN = common name,
Surely that's not what I want? The username is in the sAMAccountName attribute.
[Fri
Thanks for the replies.
I solved the problem. There was no entry in server.xml(of tomcat), i put
the entries. Then, i follow directives of the Anthony. In virtual host,
there was JkMount command, i changed its place.. But I use hostname(no ip)
in workers file. Now, it works. thank you very
Ed Avis wrote:
Davide Bianchi davide at walterisookeensufferukker.nl writes:
I don't know what the extra '?cn?sub' at the end of the query string is for
cn means that the attibute to use to login is the CN = common name,
Heee... sorry (not enough coffee in my bloodstream), that is the
On Fri, Feb 27, 2009 at 6:45 AM, Anton Yakimov
anton.yakimov.m...@gmail.com wrote:
Hi all,
I have also tried apache+ldap on other network host and result is the same:
[ldap_search_ext_s() for user failed][Bad search filter]
Maybe I can contact authnz_ldap module developer/maintainer?
Can
On Thu, Feb 26, 2009 at 9:13 AM, Anton Yakimov
anton.yakimov.m...@gmail.com wrote:
AuthLDAPUrl ldap://server.three.two.one:389/dc=three,
dc=two,
dc=one?sAMAccountName?sub?(objectClass=*) NONE
Why is NONE inside the quotes?
--
Eric Covener
cove...@gmail.com
Davide Bianchi davide at walterisookeensufferukker.nl writes:
I don't know what the extra '?cn?sub' at the end of the query string is for
Heee... sorry (not enough coffee in my bloodstream), that is the
attribute that is returned
Hmm, so what Apache does is first of all bind to the
Ed Avis eda at waniasset.com writes:
Hmm, so what Apache does is first of all bind to the directory server, then do
a
search using the query string which returns the 'cn' (common name). Finally it
constructs a distinguished name using this value of 'cn' and the password
supplied by the user.
I
Upgrading to Apache 2.2.11 fixes the segfault. Instead now I get an error_log
entry:
[Fri Feb 27 13:16:30 2009] [warn] [client 192.168.186.32] [2890] auth_ldap
authenticate: user eda authentication failed; URI /cgi-bin/test_auth/index.html
[ldap_search_ext_s() for user failed][Operations error]
Oh, I will create a report, thanks for support!
ps removed NONE - same error..
2009/2/27 Eric Covener cove...@gmail.com:
On Thu, Feb 26, 2009 at 9:13 AM, Anton Yakimov
anton.yakimov.m...@gmail.com wrote:
AuthLDAPUrl ldap://server.three.two.one:389/dc=three,
dc=two,
On Fri, Feb 27, 2009 at 8:21 AM, Ed Avis e...@waniasset.com wrote:
Upgrading to Apache 2.2.11 fixes the segfault. Instead now I get an error_log
entry:
[Fri Feb 27 13:16:30 2009] [warn] [client 192.168.186.32] [2890] auth_ldap
authenticate: user eda authentication failed; URI
On Thu, Feb 26, 2009 at 01:59:13PM -0500, Eric Covener wrote:
In LDAPv3, the bind is optional.
However, without a non-anonymous bind, ADS will cheerfully accept your
connection and as cheerfully return no information, regardless the
validity of your query. To actually get results out of ADS you
Ed Avis schrieb:
Marc Patermann hans.moser at ofd-sth.niedersachsen.de writes:
You mean the DN contains a component with a space in it!?
ou=WCL user,dc=foo,dc=bar
Ah... 'ou'... I was using 'cn'.
This was only an example. Actually I know nothing about the DIT in AD. :)
The corrected
On Fri, Feb 27, 2009 at 9:30 AM, Mark H. Wood mw...@iupui.edu wrote:
On Thu, Feb 26, 2009 at 01:59:13PM -0500, Eric Covener wrote:
In LDAPv3, the bind is optional.
However, without a non-anonymous bind, ADS will cheerfully accept your
connection and as cheerfully return no information,
Marc Patermann wrote:
Ed Avis schrieb:
Marc Patermann hans.moser at ofd-sth.niedersachsen.de writes:
[...]
This spits out details of every user in the domain, with the
sAMAccountName
being the user's login.
You were lucky. :)
No, he was just using Perl, and the magical CPAN library.
On Fri, Feb 27, 2009 at 3:45 PM, André Warnier a...@ice-sa.com wrote:
Now, to the OP : since you can do that with Perl, won't you consider writing
your own Apache/mod_perl LDAP authentication module, where you can do
exactly the same as you did in your test program ?
There are some stubs
Hi.
Apache 2.2
Suppose I have a VirtualHost configured (partially) such :
DocumentRoot /var/www/site1/docs
ScriptAlias /cgi-bin/ /var/www/site1/cgi-bin/
Directory /var/www/site1/cgi-bin
Order Allow,Deny
Allow from all
SetHandler xxx
...
/Directory
# Note : in the above directory is
Eric Covener covener at gmail.com writes:
[Fri Feb 27 13:16:30 2009] [warn] [client 192.168.186.32] [2890] auth_ldap
authenticate: user eda authentication failed; URI
/cgi-bin/test_auth/index.html
[ldap_search_ext_s() for user failed][Operations error]
If it made it out onto the wire, wireshark
André Warnier aw at ice-sa.com writes:
Now, to the OP : since you can do that with Perl, won't you consider
writing your own Apache/mod_perl LDAP authentication module, where you
can do exactly the same as you did in your test program ?
Yes that thought crossed my mind. There are four ways I
On Fri, Feb 27, 2009 at 12:19 PM, Ed Avis e...@waniasset.com wrote:
Eric Covener covener at gmail.com writes:
[Fri Feb 27 13:16:30 2009] [warn] [client 192.168.186.32] [2890] auth_ldap
authenticate: user eda authentication failed; URI
/cgi-bin/test_auth/index.html
[ldap_search_ext_s() for user
Hello Fellow List Readers ...
I'm not sure if this is an Apache problem or CAS problem, or possibly a
problem with my application Acegi configuration.
I'm hoping someone can give me a shove in the right direction.
We have a CAS server 3.3.1 running under Jboss 4.0.2. The CAS Server is
I'm no expert, but I think..
1. No
2. No
3. NA
4. What you're missing is that the url path in ScriptAlias matches from the
start of the uri..it's not a substring match.
For the authentication, I would THINK that the Location authentication would
take effect, yes.
For the script alias thing,
Anyone?
On Thu, Feb 26, 2009 at 11:23 AM, Devon Harding devonhard...@gmail.comwrote:
All of a sudden, my Apache server stopped proxying request. On the
browser, I get the following error. What causes this?
Max-Forwards has reached zero - proxy loop?
*
*
-Devon
Devon Harding wrote:
Anyone?
On Thu, Feb 26, 2009 at 11:23 AM, Devon Harding devonhard...@gmail.com
mailto:devonhard...@gmail.com wrote:
All of a sudden, my Apache server stopped proxying request. On the
browser, I get the following error. What causes this?
Max-Forwards has
If I put a .htaccess file in my webroot with the following rule:
RewriteRule ^(.*)$ /cgi-bin/scriptname.cgi?action=$1
Can I specify a script file outside the directory with the .htaccess
file in it (i.e. outside the webroot)?
Example:
/home/myname/public_html/.htaccess (see above)
Given that I have a location / locked down with authentication and that I
want a custom ErrorDocument 401 /register.html, how can I exclude the
/register.html page from the authentication location pattern?
--
View this message in context:
I think you can if you used a ScriptAlias or something similar in your
conf to map /cgi-bin to a directory of your choosing.
-Tony
---
Manager, IT Operations
Format Dynamics, Inc.
303-573-1800x27
abia...@formatdynamics.com
http://www.formatdynamics.com
-Original
On Fri, Feb 27, 2009 at 4:27 PM, Sean DeNigris s...@clipperadams.com wrote:
If I put a .htaccess file in my webroot with the following rule:
RewriteRule ^(.*)$ /cgi-bin/scriptname.cgi?action=$1
Can I specify a script file outside the directory with the .htaccess file in
it (i.e. outside the
34 matches
Mail list logo