I finally found the answer:
AuthBasicProvider ldap
It would be nice if a note was included in the mod_authnz_ldap
docs indicating that this is required and giving the correct syntax,
since the mod_auth_basic doc doesn't say what to use to enable
LDAP.
James Garrison wrote:
Apache 2.2 rejects the AuthLDAPEnabled directive as a syntax error:
Syntax error on line 1036 of
/home/jhg/sysconfig/bugzilla/etc/httpd/conf/httpd.conf:
Invalid command 'AuthLDAPEnabled', perhaps misspelled or defined by a
module not included in the server configuration
Some googling hinted that this directive is no longer needed, so I
removed
it. Apache starts OK, but never attempts to do an LDAP query.
ldapsearch
has no problem connecting to the remote LDAP server. Apache logs no
error
messages, and the BasicAuth dialog just gets presented over and over
regardless of what I enter. tcpdump monitoring on ports 389/636 shows
traffic when using ldapsearch but nothing when trying to authenticate to
Apache.
This is a configuration that's been working for about a year on FC4 with
Apache 2.0.53. Can someone point out how to get LDAP enabled in 2.2?
The relevant config bits are:
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca-bundle.crt
<VirtualHost 10.56.8.253:443>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /usr/local/mozilla/webtools/bugzilla
ServerName bugzilla.mydomain.com
ErrorLog logs/bugzilla-error_log
CustomLog logs/bugzilla-access_log common
<Directory /usr/local/mozilla/webtools/bugzilla>
Options ExecCGI Indexes FollowSymLinks
AllowOverride all
AuthType Basic
AuthName "Bugzilla"
AuthLDAPBindDN "cn=ldapQuery,cn=Users,dc=mydomain,dc=com"
AuthLDAPBindPassword ldapQuery
AuthLDAPURL
"ldap://triton.mydomain.com/cn=Users,dc=mydomain,dc=int?samAccountName,mail?sub?(&(objectCategory=Person)(objectClass=User))"
Require valid-user
SetEnv PROJECT ag
</Directory>
</VirtualHost>
Module list:
[EMAIL PROTECTED] conf]$ httpd -M
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
auth_basic_module (shared)
auth_digest_module (shared)
authn_file_module (shared)
authn_alias_module (shared)
authn_anon_module (shared)
authn_dbm_module (shared)
authn_default_module (shared)
authz_host_module (shared)
authz_user_module (shared)
authz_owner_module (shared)
authz_groupfile_module (shared)
authz_dbm_module (shared)
authz_default_module (shared)
ldap_module (shared)
authnz_ldap_module (shared)
include_module (shared)
log_config_module (shared)
logio_module (shared)
env_module (shared)
ext_filter_module (shared)
mime_magic_module (shared)
expires_module (shared)
deflate_module (shared)
headers_module (shared)
usertrack_module (shared)
setenvif_module (shared)
mime_module (shared)
dav_module (shared)
status_module (shared)
autoindex_module (shared)
info_module (shared)
dav_fs_module (shared)
vhost_alias_module (shared)
negotiation_module (shared)
dir_module (shared)
actions_module (shared)
speling_module (shared)
userdir_module (shared)
alias_module (shared)
rewrite_module (shared)
proxy_module (shared)
proxy_balancer_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_connect_module (shared)
cache_module (shared)
suexec_module (shared)
disk_cache_module (shared)
file_cache_module (shared)
mem_cache_module (shared)
cgi_module (shared)
perl_module (shared)
php5_module (shared)
proxy_ajp_module (shared)
python_module (shared)
ssl_module (shared)
Syntax OK
LDAP client RPMs:
[EMAIL PROTECTED] conf]$ rpm -qa|grep ldap
openldap-clients-2.3.19-4
openldap-2.3.19-4
nss_ldap-249-1
php-ldap-5.1.2-5
--
James Garrison Athens Group, Inc.
mailto:[EMAIL PROTECTED] 5608 Parkcrest Dr
http://www.athensgroup.com Austin, TX 78731
SKYPE callto:jhg-athensgroup (512) 345-0600 x150
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
