Márcio Luciano Donada wrote:
Hi people,
I am trying to authenticate in apache2 against the members of a certain
group that is in my LDAP base, but I am not able to get it working. Below
is my configuration:
<Directory "/var/www/html/investimentos">
    Options Indexes FollowSymlinks Multiviews
    AuthType Basic
    AuthName "Essa area e de acesso restrito, tudo o que for feito esta sendo monitorado!"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL ldap://pdc-srv.auroraalimentos.com.br/cn=INVESTIMENTOS,ou=Grupos,dc=auroraalimentos,dc=com,dc=br
    AllowOverride AuthConfig
    require ldap &(uid=*)
    #require valid-user
    allow from all
</Directory>
# cat /var/log/apache2/error.log
[Tue Jan 15 17:56:04 2008] [warn] [client 121.1.16.22] [6395] auth_ldap
authenticate: user mdonada authentication failed; URI /investimentos/
[User not found][No such object]
[Tue Jan 15 17:56:04 2008] [error] [client 121.1.16.22] user mdonada not
found: /investimentos/
[Tue Jan 15 17:56:06 2008] [warn] [client 121.1.16.22] [6395] auth_ldap
authenticate: user mdonada authentication failed; URI /investimentos/
[User not found][No such object]
[Tue Jan 15 17:56:06 2008] [error] [client 121.1.16.22] user mdonada not
found: /investimentos/
[Tue Jan 15 17:56:08 2008] [warn] [client 121.1.16.22] [6395] auth_ldap
authenticate: user mdonada authentication failed; URI /investimentos/
[User not found][No such object]
[Tue Jan 15 17:56:08 2008] [error] [client 121.1.16.22] user mdonada not
found: /investimentos/
[Tue Jan 15 17:56:18 2008] [warn] [client 121.1.16.22] [6395] auth_ldap
authenticate: user mdonada authentication failed; URI /investimentos/
[User not found][No such object]
[Tue Jan 15 17:56:18 2008] [error] [client 121.1.16.22] user mdonada not
found: /investimentos/
# id mdonada
uid=1023(mdonada) gid=513(Usuarios Dominio) grupos=513(Usuarios
Dominio),106(downloads),114(cpedidos),119(dba),1000(CPD),1060(Internet),1061(mdonada),1062(controladoria),1066(ADMSITE),1067(pcv),1069(INVESTIMENTOS)
Any ideas?

Hi,
Here is what I do for LDAP auth:
AuthType Basic
AuthName "Subversion Nagios SNMP plugins"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=bind,dc=external"
AuthLDAPBindPassword "P0uet"
AuthLDAPURL ldap://ldap.server.external:389/ou=utilisateurs,ou=apache,dc=externe?cn?sub?(objectClass=person)
require ldap-group cn=svn,ou=groupes,ou=apache,dc=externe
And this is working. I think that in your LDAP URL, you need to add:
?cn?sub?(objectClass=person)
cn is for what you are looking for, sub is to tell the server that the
request is recursive, and (objectClass=person) is one of the objectclasses
of the object.
Regards
Guillaume
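
An added example, not part of either message and not Apache's own code: Python that splits an AuthLDAPURL into base DN, attribute, scope and filter, fills in the defaults documented for mod_authnz_ldap, and builds the user-lookup filter with RFC 4515 escaping of the login name. The function and constant names are hypothetical; the two URLs are the ones quoted in the messages above.

```python
import re
from urllib.parse import unquote, urlsplit

# Values mod_authnz_ldap documents as defaults for omitted AuthLDAPURL parts.
DEFAULTS = ("uid", "sub", "(objectClass=*)")

# Both URLs are copied from the two messages above.
URL_QUESTION = ("ldap://pdc-srv.auroraalimentos.com.br/"
                "cn=INVESTIMENTOS,ou=Grupos,dc=auroraalimentos,dc=com,dc=br")
URL_REPLY = ("ldap://ldap.server.external:389/"
             "ou=utilisateurs,ou=apache,dc=externe?cn?sub?(objectClass=person)")


def parse_authldapurl(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into a dict."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Pad the '?'-separated tail so missing fields fall back to the defaults.
    given = (parts.query.split("?") + ["", "", ""])[:3]
    attr, scope, flt = (unquote(g) or d for g, d in zip(given, DEFAULTS))
    if scope not in ("one", "sub"):
        raise ValueError("scope must be 'one' or 'sub', got %r" % scope)
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return {
        "tls": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr.split(",")[0],  # only the first attribute is used
        "scope": scope,
        "filter": flt,
    }


def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's shape."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def user_search(url, username):
    """Return (base, scope, filter) of the search that looks up the login."""
    cfg = parse_authldapurl(url)
    flt = "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                            escape_filter_value(username))
    return cfg["base"], cfg["scope"], flt


if __name__ == "__main__":
    for url in (URL_QUESTION, URL_REPLY):
        print(user_search(url, "mdonada"))
```

For the URL in the question, the lookup runs beneath the group entry cn=INVESTIMENTOS,ou=Grupos,... with the default uid attribute, whereas the URL in the reply searches the subtree that holds the user entries and leaves the group check to the require line.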