Hi,
do you have an other authorization modules (like mod_shib for
shibboleth-authentication)?
We had an issue concerning require valid-user, too. I guess that if
several authorization handlers are active "require valid-user"
directives asks each of them for approval. At least mod_shib shows this
behaviour. The fact that if you give the specific user (which determines
the specific authorization authority) or a require-directive specific to
an authorization module supports this assumption.
Hope this helps.
Kind regards
Tobias
Am 24.11.2014 um 12:13 schrieb Marc Patermann:
Hi,
I using the following .htaccess
AuthBasicProvider ldap file
AuthType Basic
AuthzLDAPAuthoritative off
Authname "..."
AuthUserFile /srv/www/.htusers-mf
AuthLDAPURL
"ldap://ldapserver/ou=humans,ou=foo,c=de?mail??(mail=*@ofd-*.foo.de)"
<Limit PROPFIND OPTIONS GET>
#Require ldap-group ou=Benutzer-Opst,ou=gruppen,ou=humans,ou=foo,c=de
#Require user k1-st-01
Require valid-user
</Limit>
...
The "require valid-user" does not work for ldap users. I get the
following message in error_log:
/var/log/apache2/error_log:[Thu Nov 21 09:40:48 2014] [error] [client
10.49.64.85] access to /documents/ failed, reason: user 'u...@foo.de'
does not meet 'require'ments for user/valid-user to be allowed access
Apache is version 2.2.10
If I set it to "require ldap-user u...@foo.de" or "require ldap-group
..." it is all fine, so the ldap part does it's thing.
Marc
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
--
###############################
# Tobias Adolph #
# Leibniz-Rechenzentrum #
# Zimmer I.2.019 #
# Boltzmannstraße 1 #
# 85748 Garching bei München #
###############################
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org