Hi all,

I have no idea what's going on and why my setup that's been working for
years suddenly stopped working, so I have to ask here after having done
extensive debugging.

Maybe something has changed in the LDAP and/or authentication/authorization
modules, but the effect is the same on Apache 2.2.22 and 2.4.18: I'm not
getting the basic authentication pop-up any more and the site access is
unprotected.

I have the following config enabled:

<IfModule mod_ldap.c>
<AuthnProviderAlias ldap ldap1>
        AuthBasicAuthoritative off
        AuthBasicProvider ldap
        AuthLDAPURL ldap://ldap1.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
        AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
        AuthLDAPBindPassword password
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap2>
        AuthBasicAuthoritative off
        AuthBasicProvider ldap
        AuthLDAPURL ldap://ldap2.domain.com:389/ou=Users,dc=domain,dc=com?uid STARTTLS
        AuthLDAPBindDN cn=user,ou=Users,dc=domain,dc=com
        AuthLDAPBindPassword password
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN on
</AuthnProviderAlias>
</IfModule>

and referenced in the default virtual host as:

    <IfModule mod_ldap.c>
        AuthBasicProvider ldap1 ldap2
        AuthType Basic
        AuthName "Secure access"
        Require ldap-group "cn=mygroup,ou=Groups,dc=domain,dc=com"
        Require valid-user
        Satisfy all
    </IfModule>

Even with debugging enabled all I can see in the logs is:

[Fri Apr 06 02:26:21.260285 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of Require all granted: granted
[Fri Apr 06 02:26:21.260367 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of <RequireAny>: granted

It's like the whole LDAP thing is just being ignored. I can also confirm in
the LDAP server side logs the Apache server never even tries making a
connection.

What can be the problem? Any ideas?

Thanks
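
Added example, not part of the original post: a Python script that groups the AH01626 debug lines quoted above per connection and flags clients whose access was decided solely by `Require all granted`, with no user or group check evaluated. The first two sample lines are the ones from the post (unwrapped); the other two lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: two lines from the post, plus two invented lines for a
# request where an LDAP group requirement was actually evaluated.
SAMPLE_LOG = """\
[Fri Apr 06 02:26:21.260285 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of Require all granted: granted
[Fri Apr 06 02:26:21.260367 2018] [authz_core:debug] [pid 10784:tid 140553274521344] mod_authz_core.c(809): [client 210.10.195.106:37535] AH01626: authorization result of <RequireAny>: granted
[Fri Apr 06 02:27:02.113001 2018] [authz_core:debug] [pid 10784:tid 140553274521399] mod_authz_core.c(809): [client 192.0.2.7:40112] AH01626: authorization result of Require ldap-group cn=mygroup,ou=Groups,dc=domain,dc=com: granted
[Fri Apr 06 02:27:02.113050 2018] [authz_core:debug] [pid 10784:tid 140553274521399] mod_authz_core.c(809): [client 192.0.2.7:40112] AH01626: authorization result of <RequireAll>: granted
"""

# Greedy (.+) keeps directives that contain colons (e.g. IPv6) intact.
LINE_RE = re.compile(
    r"\[pid (\d+):tid (\d+)\].*?\[client ([^\]]+)\] AH01626: "
    r"authorization result of (.+): (granted|denied|neutral)"
)


def summarize(log_text):
    """Map (pid, tid, client) -> leaf Require directives that were evaluated.

    Simplification: requests sharing one keep-alive connection are merged.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, tid, client, directive, _result = m.groups()
        if directive.startswith("<"):  # <RequireAny>/<RequireAll> summary line
            continue
        seen[(pid, tid, client)].append(directive)
    return dict(seen)


def unauthenticated_grants(log_text):
    """Clients whose access was decided only by 'Require all granted'."""
    return sorted(
        client
        for (_pid, _tid, client), directives in summarize(log_text).items()
        if directives and all(d == "Require all granted" for d in directives)
    )


if __name__ == "__main__":
    for client in unauthenticated_grants(SAMPLE_LOG):
        print(f"{client}: granted by 'Require all granted' only")
```

The script reports which connections were let through without an authentication-dependent requirement; it does not identify where in the configuration the `Require all granted` comes from.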
