[users@httpd] ldap group problems

Wed, 11 Jul 2007 18:32:58 -0700 

httpd v2.2.4 from source on macos 10.4.9

I have a configuration like this.  In the first case using require
valid-user, everything works as expected.  I can authenticate users just
fine.  However, when I use the second Location block, I have problems
and cannot authorize against the group.  Any suggestions?

Thanks,
Sean


<Location /svn/>
        AuthLDAPBindDN  cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
        AuthLDAPBindPassword    secret
        AuthzLDAPAuthoritative off
        AuthType        basic
        AuthName        "svn repository"
        AuthBasicProvider       ldap
        AuthLDAPURL     
ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
        require valid-user
</Location>


<Location /svn2/>
        AuthLDAPBindDN  cn=secretuser,dc=octopus,dc=nci,dc=nih,dc=gov
        AuthLDAPBindPassword    secret
        Allow from all
        AuthzLDAPAuthoritative off
        AuthLDAPGroupAttributeIsDN off
        AuthLDAPGroupAttribute member
        AuthType        basic
        AuthName        "svn repository"
        AuthBasicProvider       ldap
        AuthLDAPURL     
ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
        require ldap-group cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov
</Location>


Here is what the apache log shows:

[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(376): [client
137.187.209.230] [8873] auth_ldap authenticate: using URL
ldap://octopus.nci.nih.gov/dc=octopus,dc=nci,dc=nih,dc=gov
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(475): [client
137.187.209.230] [8873] auth_ldap authenticate: accepting sdavis
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(712): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
group membership in "cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov"
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(718): [client
137.187.209.230] [8873] auth_ldap authorise: require group: testing for
member: sdavis (cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov)
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(734): [client
137.187.209.230] [8873] auth_ldap authorise: require group
"cn=mpiuser,ou=group,dc=octopus,dc=nci,dc=nih,dc=gov": authorisation
failed [Comparison complete][Invalid syntax]
[Wed Jul 11 20:30:44 2007] [debug] mod_authnz_ldap.c(842): [client
137.187.209.230] [8873] auth_ldap authorise: declining to authorise
[Wed Jul 11 20:30:44 2007] [error] [client 137.187.209.230] access to
/svn2/apache_pb.png failed, reason: require directives present and no
Authoritative handler.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to