Greetings!
I've successfully built apache2.2.8 with all the appropriate modules
[mod_authn*, mod_authz*, mod_dbd*, mod_ldap* etc etc] for ldap & mysql
support. An ldap [valid-user] protected area works fine. A mysql
[valid-user] protected area works fine. A mysql [require-dbd-group]
group protected area works fine.
However, when I use the "AuthBasicProvider ldap dbd" directive to
protect an area with ldap "failing through" to mysql the fall through
never occurs. Authentication / authorization seemingly gets "stuck" on
the first AuthBasicProvider argument. The 2nd argument is always ignored.
I explored this further by setting up a truth table where the
AuthBasicProvider arguments were swapped, the AuthLDAPURL &
AuthDBDUserPWQuery order were swapped, AuthzLDAPAuthoritative on/off
was toggled, & AuthBasicAuthoritative on/off was toggled. In all cases
the results indicate that only the 1st AuthBasicProvider argument gets
read while the 2nd is ignored.
I'm building apache with mod_dbd_mysql.c copied from apr-util-1.2.12
into httpd-2.2.8/srclib/apr-util/dbd
This is the configure I used:

  CFLAGS='-DHAVE_MYSQL_H -I/usr/local/mysql/include -L/usr/local/mysql/lib' \
  ./configure --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr-util --enable-mods-shared=most \
    --enable-ldap --enable-authnz-ldap --enable-deflate --disable-userdir \
    --disable-cgi --disable-cgd --disable-auth-anon --disable-auth-dbm \
    --disable-expires --disable-headers --disable-status --disable-dav \
    --disable-dav-fs --disable-vhost-alias --disable-speling \
    --disable-rewrite --disable-ext-filter --enable-authn-alias

I then compiled mod_authz_dbd with "apxs -c -i -a mod_authz_dbd.c
mod_authz_dbd.h"
This is the directory in question:

  <Directory ldap2mysql>
    Options FollowSymLinks
    AllowOverride None
    AuthType Basic
    AuthName "ldap2mysql"
    AuthBasicProvider ldap dbd
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://ourldapserver/ou=people . . ."
    AuthBasicAuthoritative on
    AuthDBDUserPWQuery "SELECT password FROM mysqlauth WHERE user=%s"
    Require valid-user
  </Directory>

The mysql general.log and local.err logs show that a dbd connection is
not made. The apache error logs [debug] show that only LDAP connects.
[likewise, if dbd is the 1st provider only mysql shows a connection but
not ldap.]
Even though I know that the modules were refactored to prevent load
order from being an issue, I've just started to systematically change
the module load order so that all the ldap modules come before the dbd
modules but this has not resolved the issue. Our existing education
server which I'd like to upgrade from apache 2.0.58 uses mod_auth_mysql
and it requires a specific load order in order to work with apache's
built in ldap.
Can anyone give me a hint on the next step I should take in
troubleshooting?
Regards,
Bill Paredes
Computer Based Education
Albert Einstein College of Medicine
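
Added example, not part of the original post and not Apache source code: a simplified C model of how mod_auth_basic in httpd 2.2 walks an "AuthBasicProvider ldap dbd" chain, where only a "user not found" result from one provider moves on to the next. The result names follow mod_auth.h; the sample accounts, passwords and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result names follow mod_auth.h; everything else is a constructed model. */
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;

typedef struct { const char *user, *pw; } cred;
typedef struct { const char *name; const cred *users; int n; int contacted; } provider;

/* Constructed sample stores standing in for the LDAP tree and the mysqlauth table. */
static const cred ldap_users[] = { {"alice", "ldap-pw"} };
static const cred dbd_users[]  = { {"alice", "sql-pw"}, {"bob", "sql-pw"} };

/* One provider lookup: counts the contact, then matches user and password. */
static authn_status check_password(provider *p, const char *user, const char *pw) {
    p->contacted++;
    for (int i = 0; i < p->n; i++)
        if (strcmp(p->users[i].user, user) == 0)
            return strcmp(p->users[i].pw, pw) == 0 ? AUTH_GRANTED : AUTH_DENIED;
    return AUTH_USER_NOT_FOUND;
}

/* Walk the chain in AuthBasicProvider order; only "user not found" moves on. */
static authn_status authenticate(provider *chain, int n, const char *user, const char *pw) {
    authn_status res = AUTH_USER_NOT_FOUND;
    for (int i = 0; i < n; i++) {
        res = check_password(&chain[i], user, pw);
        if (res != AUTH_USER_NOT_FOUND)
            break;   /* granted, denied or error: later providers are never asked */
    }
    return res;
}

/* Run one login against "ldap dbd"; report the result and whether dbd was queried. */
static authn_status try_login(const char *user, const char *pw, int *dbd_contacted) {
    provider chain[] = { {"ldap", ldap_users, 1, 0}, {"dbd", dbd_users, 2, 0} };
    authn_status res = authenticate(chain, 2, user, pw);
    *dbd_contacted = chain[1].contacted;
    return res;
}

int main(void) {
    const cred tests[] = { {"alice", "ldap-pw"}, {"alice", "sql-pw"}, {"bob", "sql-pw"}, {"carol", "x"} };
    for (int i = 0; i < 4; i++) {
        int dbd = 0;
        authn_status r = try_login(tests[i].user, tests[i].pw, &dbd);
        printf("%-6s %-8s result=%d dbd_queried=%d\n", tests[i].user, tests[i].pw, r, dbd);
    }
    return 0;
}
```

In this model the dbd store is queried only for accounts the first provider does not know at all, so a fall-through test needs a login that exists in the second store and is absent from the first.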