I have a dozen-ish virtual hosts that "Include" a common configuration file which, among other things, specifies authentication for the sites:

<Location / >
    AuthName "File Auth"
    AuthType Basic
    AuthUserFile  /etc/httpd/conf/passwords
    AuthAuthoritative off
    Require user joe
</Location>


In one of the virtual hosts I want to override the inherited authentication mechanism to use mod_auth_ldap (httpd 2.0.52):

<Location / >
       AuthLDAPAuthoritative On
       AuthLDAPEnabled On
       AuthType Basic
       AuthName "Ldap Auth"
       AuthLDAPBindDN "uid=mod_auth_ldap,ou=Special Users,dc=example,dc=com"
       AuthLDAPBindPassword elngt0nc0at0r
       AuthLDAPURL "ldaps://ds1.example.org:636/ou=people,dc=example,dc=org?uid?sub"
       Require group cn=Webusers,ou=Groups,dc=example,dc=org
</Location>


However, I am unable to undefine the AuthUserFile in the reconfiguration. Apache continues with the file-based password comparison. The mod_auth_ldap works fine if I don't pre-declare the AuthUserFile. I have similar problems if I try to change the authentication method on a subdirectory (e.g. <Location /mydir>).

Is there a way to disable an inherited authentication module once it's been declared?

From my reading of the mod_auth doc, I understand there is not:
"So if a userID appears in the database of more than one module; or if a valid Require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting."

