Hi folks,

I'm having a problem with my first attempts to migrate a 2.0 server to 2.2,
specifically with the LDAP configuration I'm using. I have a somewhat
convoluted directory structure, with different permissions for different
directories. My problem can be summed up with the configuration in
httpd-vhosts.conf (see below); my actual configuration has additional Directory
sections, some of which have multiple "require ldap-users" and "require
ldap-groups", but the two I've copied here are able to recreate the problem.

<AuthnProviderAlias ldap ldap-site>
    AuthLDAPURL ldap://*****/o=root?uid??(objectClass=inetOrgPerson)
    AuthLDAPDereferenceAliases never
</AuthnProviderAlias>

<VirtualHost *:80>
    ServerName docsite.sgi.sk.ca
    DocumentRoot "/my/directory/htdocs"

    <Directory "/my/directory/htdocs">
        Options Indexes FollowSymLinks Includes
        AllowOverride None
        AuthBasicProvider ldap-site
        AuthName "Login Now Please"
        AuthType Basic
        AuthzLDAPAuthoritative off
        require valid-user
        Order allow,deny
        Allow from 10.0.0.8 10.0.1.9
        Satisfy any
    </Directory>

    <Directory "/my/directory/htdocs/Infrastructure/private">
        AuthBasicProvider ldap-site
        AuthName "Login Now Please"
        AuthType Basic
        AuthzLDAPAuthoritative on
        require ldap-group cn=mygroup,ou=container,ou=container,o=root
        Order allow,deny
        Allow from 10.0.0.8 10.0.1.9
        Satisfy any
    </Directory>
</VirtualHost>

The problem is that using this configuration I can sign in to the root of the
site no problem, but when I try getting in to the private directory that is
more restrictive Apache throws errors like "access to
/Infrastructure/private/index.html failed, reason: require directives present
and no Authoritative handler." My understanding of the AuthzLDAPAuthoritative
directive from the documentation is that if I'm using "require valid-user" I
need to set it to off, but if I'm using "require ldap-user" or "require
ldap-group" I need to set it to on; I'm doing so but it doesn't seem to be
working as I expected it to. I can't find any mention on the net of anyone
else experiencing this problem after they get the AuthzLDAPAuthoritative thing
under control, so I'm assuming I'm missing something simple but I can't see
what it is.

Any help would be appreciated!

Thanks,
Jeff Eggen
IT Analyst
Saskatchewan Government Insurance
Ph (306) 751-1795
email [EMAIL PROTECTED]