Hi, I am using Apache HTTPD 2.2.4 release 4 in Fedora Core 4. I am trying to protect a cgi-bin folder using LDAP authentication from an OpenLDAP directory server.
Here is my configuration in httpd.conf:

    <Directory "/var/www/cgi-bin">
        AuthType Basic
        AuthName "CVSweb"
        AllowOverride None
        Options None
        Order deny,allow
        Allow from all
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL ldap://ldap.estream.com.my/ou=engineer,dc=example,dc=com,dc=my?uid?sub?(objectclass=posixAccount)
        Require valid-user
    </Directory>

When I attempt to access a cgi from cgi-bin via web browser, the usual user/password dialog prompts, and I am able to access the cgi after entering the correct user/password information. However, when I look into the error_log, I found this:

    [r...@bee httpd]# less error_log
    [Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(376): [client 192.168.0.126] [22429] auth_ldap authenticate: using URL ldap://ldap.estream.com.my/ou=engineer,dc=estream,dc=com,dc=my?uid?sub?(objectclass=posixAccount)
    [Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(475): [client 192.168.0.126] [22429] auth_ldap authenticate: accepting ccy
    [Sat Sep 11 11:21:38 2010] [debug] mod_authnz_ldap.c(842): [client 192.168.0.126] [22429] auth_ldap authorise: *declining to authorise*

There is a "declining to authorise" showing in the error_log, but it seems weird as I am able to access my cgi using the correct user/password pair. Does anyone know what it means?

My openldap service is hosted on Fedora Core 13 with SELinux disabled. The /etc/nsswitch.conf has been patched to disable sssd authentication:

    passwd: files ldap #sss
    shadow: files ldap #sss
    group: files ldap #sss

My openldap service is able to handle STARTTLS connections and it is working for another 3 samba servers in my network.

--
Best regards,
Chau Chee Yang
E Stream Software Sdn Bhd
URL: www.sql.com.my
SQL Financial Accounting