Hi there,
I would like to ask a question about an LDAP + Apache2 related
question. I've been dealing with this problem for the last couple of
days, so here is the story.
I have to integrate the SVN repositories of my company with the
ActiveDirectory (w2k3). My configuration is the following:
- Testing Debian, updated to the latest available binaries, running
kernel Linux version 2.6.18-6-amd64 (Debian 2.6.18.dfsg.1-18etch6).
- The apache packages installed:
ii apache2 2.2.9-10 Apache HTTP
Server metapackage
ii apache2-mpm-worker 2.2.9-10 Apache HTTP
Server - high speed threaded mod
ii apache2-utils 2.2.9-10 utility
programs for webservers
ii apache2.2-common 2.2.9-10 Apache HTTP
Server common files
ii libapache-authznetldap-perl 0.07-4 Apache-Perl
module that enables to authorize
ii libapache2-mod-perl2 2.0.4-4 Integration
of perl with the Apache2 web ser
ii libapache2-reload-perl 0.10-2 Reload Perl
modules when changed on disk
ii libapache2-svn 1.5.1dfsg1-1 Subversion
server modules for Apache
- The apache modules enabled:
lrwxrwxrwx 1 root root 28 2008-07-21 19:58 alias.conf ->
../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 2008-07-21 19:58 alias.load ->
../mods-available/alias.load
lrwxrwxrwx 1 root root 33 2008-07-21 19:58 auth_basic.load ->
../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 2008-07-21 19:58 authn_file.load ->
../mods-available/authn_file.load
lrwxrwxrwx 1 root root 34 2008-11-30 16:36 authnz_ldap.load ->
../mods-available/authnz_ldap.load
lrwxrwxrwx 1 root root 33 2008-11-30 16:58 authz_host.load ->
../mods-available/authz_host.load
lrwxrwxrwx 1 root root 32 2008-07-21 19:58 autoindex.conf ->
../mods-available/autoindex.conf
lrwxrwxrwx 1 root root 32 2008-07-21 19:58 autoindex.load ->
../mods-available/autoindex.load
lrwxrwxrwx 1 root root 27 2008-07-21 19:58 cgid.conf ->
../mods-available/cgid.conf
lrwxrwxrwx 1 root root 27 2008-07-21 19:58 cgid.load ->
../mods-available/cgid.load
lrwxrwxrwx 1 root root 26 2008-07-21 20:05 dav.load ->
../mods-available/dav.load
lrwxrwxrwx 1 root root 30 2008-07-21 20:05 dav_svn.conf ->
../mods-available/dav_svn.conf
lrwxrwxrwx 1 root root 30 2008-07-21 20:05 dav_svn.load ->
../mods-available/dav_svn.load
lrwxrwxrwx 1 root root 30 2008-07-21 19:58 deflate.conf ->
../mods-available/deflate.conf
lrwxrwxrwx 1 root root 30 2008-07-21 19:58 deflate.load ->
../mods-available/deflate.load
lrwxrwxrwx 1 root root 26 2008-07-21 19:58 dir.conf ->
../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 2008-07-21 19:58 dir.load ->
../mods-available/dir.load
lrwxrwxrwx 1 root root 26 2008-07-21 19:58 env.load ->
../mods-available/env.load
lrwxrwxrwx 1 root root 27 2008-11-30 16:36 ldap.load ->
../mods-available/ldap.load
lrwxrwxrwx 1 root root 27 2008-07-21 19:58 mime.conf ->
../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 2008-07-21 19:58 mime.load ->
../mods-available/mime.load
lrwxrwxrwx 1 root root 34 2008-07-21 19:58 negotiation.conf ->
../mods-available/negotiation.conf
lrwxrwxrwx 1 root root 34 2008-07-21 19:58 negotiation.load ->
../mods-available/negotiation.load
lrwxrwxrwx 1 root root 27 2008-11-30 16:32 perl.load ->
../mods-available/perl.load
lrwxrwxrwx 1 root root 31 2008-07-21 19:58 setenvif.conf ->
../mods-available/setenvif.conf
lrwxrwxrwx 1 root root 31 2008-07-21 19:58 setenvif.load ->
../mods-available/setenvif.load
lrwxrwxrwx 1 root root 26 2008-07-21 21:19 ssl.conf ->
../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 2008-07-21 21:19 ssl.load ->
../mods-available/ssl.load
lrwxrwxrwx 1 root root 29 2008-07-21 19:58 status.conf ->
../mods-available/status.conf
lrwxrwxrwx 1 root root 29 2008-07-21 19:58 status.load ->
../mods-available/status.load
- The subversion packages installed:
ii libapache2-svn 1.5.1dfsg1-1 Subversion
server modules for Apache
ii libsvn1 1.5.1dfsg1-1 Shared
libraries used by Subversion
- The related part of my virtual host configuration:
<Location />
AuthBasicProvider ldap
AuthName "L&M Subversion Server"
AuthType Basic
AuthzLDAPAuthoritative on
AuthLDAPURL
"ldap://192.168.1.100:389/OU=LMUsers,DC=lmsolutions,DC=hu?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=SVN LDAP Query
User,OU=ServAcc,OU=LMUsers,DC=lmsolutions,DC=hu"
AuthLDAPBindPassword <somepassword>
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
# AuthLDAPSubGroupClass group
# AuthLDAPSubGroupAttribute member
# AuthLDAPMaxSubGroupDepth 10
require ldap-group CN=LMDevelopers,OU=LMGroups,DC=lmsolutions,DC=hu
</Location>
---------------------------------------------
The communication and authorization basically works, except one scenarion.
When the above listed group (LMDevelopers) contains only people and no
further groups everything works just perfect.
Unfortunately I do have nested (sub) groups in my AD group hierarchy,
and would need to have access on the commented AuthLDAPSubGroupClass,
AuthLDAPSubGroupAttribute and AuthLDAPMaxSubGroupDepth options, to
make authorization through these nested groups available.
If I try to use them I get the error message when starting apache:
"Syntax error on line 41 of /etc/apache2/sites-enabled/svn-https:
Invalid command 'AuthLDAPSubGroupClass', perhaps misspelled or defined
by a module not included in the server configuration failed!"
The main apache documentation states, that these options are available
since version 2.1.
(http://publib.boulder.ibm.com/httpserv/manual70/mod/mod_authnz_ldap.html)
Could you please help me out what I'm missing, or how I can fix this problem?
Thanks,
Balázs
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
