Diego,
Not sure about 2.2.3, but the current version of the documentation
for the " Require ldap-group" directive
(http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup)
Says:
Require ldap-group
This directive specifies an LDAP group whose members are allowed
access. It takes the distinguished name of the LDAP group. Note: Do not
surround the group name with quotes. For example, assume that the following
entry existed in the LDAP directory:
dn: cn=Administrators, o=Airius
objectClass: groupOfUniqueNames
uniqueMember: cn=Barbara Jenson, o=Airius
uniqueMember: cn=Fred User, o=Airius
The following directive would grant access to both Fred and Barbara:
Require ldap-group cn=Administrators, o=Airius
Behavior of this directive is modified by the AuthLDAPGroupAttribute
and AuthLDAPGroupAttributeIsDN directives.
Note the comment about NOT surrounding the group's DN with quotes...
...you surrounded yours with quotes:
Require ldap-group "CN=group_access, OU=Group, DC=domain, DC=com"
Don't know if that's the problem (probably not), but it is a deviation from the
specs.
-tony
-----Original Message-----
From: Diego Maciel Gomes [mailto:diego.go...@cecred.coop.br]
Sent: Wednesday, August 31, 2011 9:33 AM
To: users@httpd.apache.org
Subject: [users@httpd] RES: apache + AD auth
Anynone?
________________________________________
De: Diego Maciel Gomes [diego.go...@cecred.coop.br]
Enviado: terça-feira, 30 de agosto de 2011 15:08
Para: users@httpd.apache.org
Assunto: [users@httpd] apache + AD auth
Hello All...
I have auth against AD...
It was working fine, in a good day, it stops to work, and I have no idea why it
doesnt work now...
So, Im using windows 2008 R2 for windows and httpd-2.2.3-53 red hat OK?
this is my conf inside the virtualhost:
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "*** Cuidado - Acesso Restrito ***"
AuthLDAPURL
"ldap://domain.com:389/dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=user_read_ad, OU=People, DC=domain, DC=com"
AuthLDAPBindPassword pass_user_above
Require ldap-group "CN=group_access, OU=Group, DC=domain, DC=com"
I know that need to set this value below inside the /etc/openldap/ldap.conf :
REFERRALS off
when I access the directory, its calling the auth. I put my user that have
privileges, and I get the error: "500 Internal Server Error" and in the log, i
have this:
[Tue Aug 30 14:55:23 2011] [warn] [client 192.168.1.1] [32013] auth_ldap
authenticate: user my_user authentication failed; URI /files
[ldap_search_ext_s() for user failed][Operations error]
Anyone have any idea??
Thanks anyway,
Diego
--
Esta mensagem foi verificada pelo sistema de antivirus e
acredita-se estar livre de perigo.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
--
Esta mensagem foi verificada pelo sistema de antivirus e
acredita-se estar livre de perigo.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
