You're an idiot!
Sorry, just wanted to save you guys the trouble. I am an idiot (missing
allow from all in the directory entry, and don't need :443 vhost), and I
thank you for not pointing it out to me until I could figure it out for
myself.
Tom Hart wrote:
Hey guys. I finally got ldap authentication working, and I finally got
SSL working, now I have a slightly more complicated issue. What I
would like to happen is if a user tries to access the intranet through
a non-ssl connection (http://server) it should serve a page that
basically says "Please use ssl, you'll be redirected in 10 seconds"
(that page is made and works). However if they do that I want it to
not auth at all (right now everything has ldap auth setup) until it
goes to the ssl connection. Here's the relevant parts of httpd.conf
from my failed attempt. Any suggestions?
Oh btw, http:// gives me a 403 forbidden, and https:// gives me a
pop-up saying "server has sent an incorrect or unexpected message.
Error code -12263". I have gotten this to work a bit, where the ssl
works again, but it still auths on non-ssl.
DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
Alias /spooldir "C:/data/SPOOLDIR/"
Alias /database "C:/data/Finops/Database/Data/Current"
Alias /nonssl "C:/Program Files/Apache Software
Foundation/Apache2.2/nonssl"
NameVirtualHost *:80
NameVirtualHost *:443
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
</Directory>
<Directory "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
AuthType Basic
AuthName "Intranet"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl
"ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
AuthLDAPBindPassword "********"
Require valid-user
</Directory>
<Directory "C:/Program Files/Apache Software
Foundation/Apache2.2/nonssl">
Options Indexes FollowSymLinks
Order allow,deny
</Directory>
<Directory "C:/data/spooldir">
Order deny,allow
AuthType Basic
AuthName "Intranet"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl
"ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
AuthLDAPBindPassword "********"
Require valid-user
</Directory>
<Directory "C:/data/Finops/Database/Data/Current">
Order deny,allow
AuthType Basic
AuthName "Database"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl
"ldap://192.168.1.171:389/ou=People,dc=coopfed,dc=local?sAMAccountName"
AuthLDAPBindDN "cn=cu_apache_auth,cn=Users,dc=coopfed,dc=local"
AuthLDAPBindPassword "********"
Require ldap-user "tomhart"
</Directory>
<VirtualHost *:80>
ServerName che
DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/nonssl"
</VirtualHost>
<VirtualHost *:443>
ServerName che
DocumentRoot "C:/Program Files/Apache Software
Foundation/Apache2.2/htdocs"
</VirtualHost>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]