Help with apache and ldap authentication

Karl Latiss karl.latiss at atvert.com.au
Wed Jun 21 01:15:20 UTC 2006


I found I always had to turn AuthzLDAPAuthoritative Off for it to work
for me but our setup was slightly different. I use:

# turn on LDAP authentication and authorization module
AuthzLDAPEngine on

# define ldap server
AuthzLDAPServer server.com.au

# set the search base
AuthzLDAPUserBase dc=server,dc=com,dc=au

# define the search filter (ie what attribute to search in)
AuthzLDAPUserKey uid

# how to search through the name space
AuthzLDAPUserScope subtree

# ensure the authorization header is not re-written
AuthzLDAPSetAuthorization off

# we use ldap authentication and mod_access authorization
# to determine access so we need to ensure the process
# doesn't finish with mod_authz_ldap
AuthzLDAPAuthoritative off

AuthType basic
AuthName "Something"
require user someuser

Karl.


On Tue, 2006-06-20 at 15:03 -0400, Bliss, Aaron wrote:
> Yep, sorry I didn't mention that; the host running apache authenticates
> users fine to the ldap server both using ldap and ldaps; just can't get
> apache to talk to the ldap server.
> 
> Aaron
> 
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Allen Chen
> Sent: Tuesday, June 20, 2006 2:29 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Help with apache and ldap authentication
> 
> Bliss, Aaron wrote:
> > I'm running redhat 3 es, apache and all modules including
> > mod_authz_ldap are from system rpm's; I'm attempting to restrict
> > access to a directory and would like to use ldap authentication; below
> > is the relevant section of my httpd.conf file; I'm getting the box to
> > enter my credentials when going to the web page, but it seems to be
> > failing; any ideas?  Thanks very much.
> >
> > <directory /webroot/www/nessus_summary>
> >  AuthType Basic
> >  AuthName "Private Area"
> >  # AuthUserFile /usr/local/sbin/htusers
> >  AuthzLDAPEngine on
> >  AuthzLDAPServer "al-lnx-s11.preferredcare.org"
> >  AuthzLDAPBindDN "ou=users,dc=preferredcare,dc=org"
> >  #AuthzLDAPMapBase "ou=users,dc=preferredcare,dc=org"
> >  AuthzLDAPAuthoritative on
> >  AuthzLDAPSetAuthorization on
> >  Require valid-user
> > </directory>
> >
> 
> Can you ping the ldap server al-lnx-s11.preferredcare.org from the apache
> machine?
> 
> 
> 
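Added example (not part of the original thread, and not code from any poster): a small Python script that diffs the failing `<directory>` block against the settings Karl reports working, listing which mod_authz_ldap directives are absent or set differently. The function names and the `SITE_SPECIFIC` set are assumptions of this example; a reported difference is a lead to check, not a diagnosis.

```python
import shlex
# Both snippets are copied from the two configurations quoted in this thread.
FAILING = '''
<directory /webroot/www/nessus_summary>
 AuthType Basic
 AuthName "Private Area"
 # AuthUserFile /usr/local/sbin/htusers
 AuthzLDAPEngine on
 AuthzLDAPServer "al-lnx-s11.preferredcare.org"
 AuthzLDAPBindDN "ou=users,dc=preferredcare,dc=org"
 #AuthzLDAPMapBase "ou=users,dc=preferredcare,dc=org"
 AuthzLDAPAuthoritative on
 AuthzLDAPSetAuthorization on
 Require valid-user
</directory>
'''
WORKING = '''
AuthzLDAPEngine on
AuthzLDAPServer server.com.au
AuthzLDAPUserBase dc=server,dc=com,dc=au
AuthzLDAPUserKey uid
AuthzLDAPUserScope subtree
AuthzLDAPSetAuthorization off
AuthzLDAPAuthoritative off
AuthType basic
AuthName "Something"
require user someuser
'''
# Assumption: these values are expected to differ between any two sites.
SITE_SPECIFIC = {"authname", "authzldapserver", "require"}

def directives(text):
    """Map lower-cased directive name -> lower-cased argument list."""
    found = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("#", "<")):
            continue  # skip blank lines, comments and section tags
        name, *args = shlex.split(line)  # shlex strips the quotes
        found[name.lower()] = [a.lower() for a in args]
    return found

def compare(failing, working):
    f, w = directives(failing), directives(working)
    differs = sorted(k for k in f.keys() & w.keys()
                     if f[k] != w[k] and k not in SITE_SPECIFIC)
    return {"missing": sorted(w.keys() - f.keys()),
            "extra": sorted(f.keys() - w.keys()), "differs": differs}

if __name__ == "__main__":
    print(compare(FAILING, WORKING))
```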




