Eduardo,
It looks like you're trying to get it working with Xymon so you might want
to ask on that list as well. I had a heck of a time getting it to work but
I ended up using mod_authnz_external.c to configure it to use PAM. This is
the config I use:
<IfModule mod_authnz_external.c>
# Require SSL connection for password protection.
SSLRequireSSL
AuthBasicProvider external file
AuthExternal pwauth
AuthGroupFile /etc/xymon/xymongroups
GroupExternal unixgroup
<RequireAll>
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
# "group xymon" restricts access to users who have logged in,
AND
# are members of the "xymon" group in xymongroups.
Require group xymon
</RequireAll>
</IfModule>
While not exactly what you're doing, I hope this helps nudge you in the
right direction.
=G=
On Fri, Oct 13, 2017 at 12:10 PM, Eric Covener <cove...@gmail.com> wrote:
> Can you crank up the loglevel to trace8? I believe there are some
> spurious error messages when authz modules are reporting their
> individual results vs. getting rolled up to RequireAny.
>
> On Fri, Oct 13, 2017 at 11:46 AM, Eduardo Mayoral <emayo...@arsys.es>
> wrote:
> > Hi, Eric,
> >
> > Thanks for your fast answer. The reason for the provider aliases is
> > that once I get this config working I would like to re-use it for about
> > 6 different directories.
> >
> > However, I have tried to flatten the configuration according to your
> > suggestion. I repeated the tests, exact same result. Flattened config
> > follows:
> >
> > AuthType Basic
> > AuthName "Xymon user"
> >
> > AuthBasicProvider file ldap
> > AuthBasicAuthoritative off
> >
> > AuthLDAPURL "ldap://REDACTED:3268
> > REDACTED:3268/DC=arsyslan,DC=es?sAMAccountName?sub?(objectClass=*)" NONE
> > AuthLDAPBindDN "redac...@arsyslan.es"
> > AuthLDAPBindPassword "REDACTED"
> > AuthLDAPGroupAttributeIsDN on
> > AuthLDAPGroupAttribute member
> > AuthLDAPMaxSubGroupDepth 3
> >
> > AuthUserFile /etc/xymon/xymonusers.htpasswd
> > AuthGroupFile /etc/xymon/xymongroups.htpasswd
> >
> >
> > <RequireAny>
> > Require group XymonUsers
> > Require ldap-group
> > cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
> > </RequireAny>
> >
> >
> > Eduardo Mayoral Jimeno (emayo...@arsys.es)
> > Administrador de sistemas. Departamento de Plataformas. Arsys internet.
> > +34 941 620 145 ext. 5153
> >
> > On 13/10/17 16:47, Eric Covener wrote:
> >> On Fri, Oct 13, 2017 at 10:06 AM, Eduardo Mayoral <emayo...@arsys.es>
> wrote:
> >>> Hi,
> >>>
> >>> I am trying to move a web application from httpd 2.2 to httpd 2.4 ,
> >> I don't think all of those provider-aliases are necessary. Did you a
> >> try a more simpler/direct port of the config?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >
>
>
>
> --
> Eric Covener
> cove...@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
