Re: [users@httpd] LDAP query translation from 2.2 to 2.4

Wed, 26 Aug 2020 08:40:11 -0700 

All I get is:
AH00526: Syntax error on line 131 of 
/opt/rh/httpd24/root/etc/httpd/conf.d/ldapdir.conf:
Bad LDAP URL while parsing.

Darryl Baker, GSEC  (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL  60201-3715
darryl.ba...@northwestern.edu
(847) 467-6674
 

On 8/26/20, 10:36 AM, "Eric Covener" <cove...@gmail.com> wrote:

    On Wed, Aug 26, 2020 at 11:34 AM Darryl Philip Baker
    <darryl.ba...@northwestern.edu> wrote:
    >
    > I am trying to port a configuration from Apache 2.2 to Apache 2.4 that is 
used for LDAP authentication, but I have little knowledge of LDAP. I can 
translate “Order deny,allow” and “Deny from All” I have found that 
“AuthzLDAPAuthoritative off” has been removed from Apache 2.4. I am getting a 
syntax error on the AuthLDAPUrl line. From one of the examples I found, do I 
need to change from a Directory block to a Location block?
    >
    >
    >
    > Here is what the stanza is in Apache 2.2
    >
    >
    >
    > <Directory "/usr/local/www/docs/it/snaps">
    >
    >          Options -Indexes +FollowSymLinks +ExecCGI +Includes
    >
    >          Order deny,allow
    >
    >          Deny from All
    >
    >          AuthName "Enter Your Netid and Password"
    >
    >          AuthType basic
    >
    >          AuthBasicProvider ldap
    >
    >          AuthzLDAPAuthoritative off
    >
    >          AuthLDAPBindDN "cn=sanitycheck, ou=Service, dc=example, dc=com"
    >
    >          AuthLDAPBindPassword "tmd+pkx"
    >
    >          AuthLDAPUrl     
"ldaps://evregistryprda.cyber.example.com.cyber.example.com:1636 
ldaps://chregistryprda.cyber.example.com.cyber.example.com:1636 
ldaps://evregistryprdb.cyber.example.com.cyber.example.com:1636 
ldaps://chregistryprdb.cyber.example.com.cyber.example.com:1636/dc=example,dc=com?uid?sub?(objectclass=*)"
    >
    >          Require valid-user
    >
    >          Satisfy any
    >
    >    </Directory>
    >
    >

    Should be no difference. Can you share the verbatim error message you
    get from `apachectl -t`?

    ---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    For additional commands, e-mail: users-h...@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to