Hello,

Please forgive me if this is the wrong place to post questions about 
mod_authnz_ldap, but I've been struggling with this particular issue for a 
few days now ...

I have a (working) openldap server which contains a number of user accounts. 
See extract below:

dn: uid=pmiles,ou=people,dc=paymo,dc=com
givenName: Paul
sn: Miles
mail: paul.mi...@paymo.com
cn: Paul Miles
uid: pmiles
userPassword:: Q0hebmczTTM=
uidNumber: 1011
gidNumber: 10000
homeDirectory: /dev/null
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
structuralObjectClass: inetOrgPerson
entryUUID: 131b7288-e55a-102d-8cc6-3d5a9f4d1623
creatorsName: cn=Manager,dc=paymo,dc=com
createTimestamp: 20090604134805Z
entryCSN: 20090604134805Z#000000#00#000000
modifiersName: cn=Manager,dc=paymo,dc=com
modifyTimestamp: 20090604134805Z

dn: cn=sys_admins,ou=group,dc=paymo,dc=com
cn: sys_admins
gidNumber: 1000
objectClass: posixGroup
objectClass: top
structuralObjectClass: posixGroup
entryUUID: dfdbed90-e567-102d-8cc8-3d5a9f4d1623
creatorsName: cn=Manager,dc=paymo,dc=com
createTimestamp: 20090604152652Z
memberUid: paul.mi...@paymo.com
entryCSN: 20090609120825Z#000000#00#000000
modifiersName: cn=Manager,dc=paymo,dc=com
modifyTimestamp: 20090609120825Z

This is my apache virtual host config :

  <Location /en>
     AuthType Basic
     AuthName "TEST"
     AuthLDAPURL ldap://web1.paymo.net:389/ou=People,dc=paymo,dc=com?mail

#     require valid-user
     AuthBasicProvider ldap
     AuthzLDAPAuthoritative off
     AuthLDAPGroupAttributeIsDN off

     require ldap-group cn=sysadmins,dc=paymo,dc=com
  </Location>


If I uncomment 'require valid-user' and comment 'require ldap-group' then I can 
authenticate absolutely fine.

However, if I comment out the 'require valid-user' and uncomment 'require 
ldap-group', then it never manages to authenticate.

I see these errors in the apache error logs :

[Tue Jun 09 17:52:33 2009] [debug] mod_authnz_ldap.c(373): [client 192.168.0.9] 
[24341] auth_ldap authenticate: using URL 
ldap://web1.paymo.net:389/ou=People,dc=paymo,dc=com?mail, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:33 2009] [debug] mod_authnz_ldap.c(454): [client 192.168.0.9] 
[24341] auth_ldap authenticate: accepting paul.mi...@paymo.com, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:33 2009] [debug] mod_authnz_ldap.c(821): [client 192.168.0.9] 
[24341] auth_ldap authorise: declining to authorise, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:33 2009] [error] [client 192.168.0.9] access to 
/en/company.html failed, reason: require directives present and no 
Authoritative handler., referer: http://devwww.paymo.com/
[Tue Jun 09 17:52:36 2009] [debug] mod_authnz_ldap.c(373): [client 192.168.0.9] 
[24342] auth_ldap authenticate: using URL 
ldap://web1.paymo.net:389/ou=People,dc=paymo,dc=com?mail, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:36 2009] [debug] mod_authnz_ldap.c(454): [client 192.168.0.9] 
[24342] auth_ldap authenticate: accepting paul.mi...@paymo.com, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:36 2009] [debug] mod_authnz_ldap.c(821): [client 192.168.0.9] 
[24342] auth_ldap authorise: declining to authorise, referer: 
http://devwww.paymo.com/
[Tue Jun 09 17:52:36 2009] [error] [client 192.168.0.9] access to 
/en/company.html failed, reason: require directives present and no 
Authoritative handler., referer: http://devwww.paymo.com/

I'd welcome any advice/suggestions on this.

Many thanks for your time.

Paul
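
An added example, not part of the original message and not Apache's own code: an offline lint that cross-checks each `require ldap-group` line against an LDIF export, verifying that the group DN exists and that the entry carries a membership attribute the module will compare (`member` and `uniquemember` unless `AuthLDAPGroupAttribute` is set). The function names are hypothetical and the sample input is constructed from the shape of the post, with a placeholder `memberUid` value.

```python
import re
# mod_authnz_ldap checks these attributes when AuthLDAPGroupAttribute is not set.
DEFAULT_GROUP_ATTRS = ["member", "uniquemember"]
# Constructed sample input shaped like the post; the memberUid value is a placeholder.
SAMPLE_LDIF = """\
dn: cn=sys_admins,ou=group,dc=paymo,dc=com
objectClass: posixGroup
memberUid: user@example.com
"""
SAMPLE_CONF = """\
AuthLDAPGroupAttributeIsDN off
require ldap-group cn=sysadmins,dc=paymo,dc=com
"""

def norm_dn(dn):
    """Simplified DN comparison key: lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def parse_ldif(text):
    """Map normalised DN -> {lower-case attribute: [values]} (no line folding)."""
    entries, current = {}, None
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if name.lower() == "dn":
            current = entries.setdefault(norm_dn(value.lstrip(": ")), {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value.lstrip(": "))
    return entries

def lint_group_requires(conf, ldif):
    """Return one finding per 'require ldap-group' line that cannot match."""
    entries, attrs, group_dns = parse_ldif(ldif), [], []
    for line in conf.splitlines():
        words = line.split(None, 2)
        head = [w.lower() for w in words[:2]]  # commented-out lines never match below
        if len(words) >= 2 and head[0] == "authldapgroupattribute":
            attrs.append(head[1])
        elif len(words) == 3 and head == ["require", "ldap-group"]:
            group_dns.append(words[2].strip())
    wanted, findings = attrs or DEFAULT_GROUP_ATTRS, []
    for dn in group_dns:
        entry = entries.get(norm_dn(dn))
        if entry is None:
            findings.append(f"no group entry with DN {dn}")
        elif not any(a in entry for a in wanted):
            findings.append(f"{dn}: none of {wanted} present")
    return findings
```

Run against the sample, the lint reports that no entry has the DN named in the `require` line; with the DN corrected it then reports that the `posixGroup` entry has only `memberUid`, which the default attribute list does not cover.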