[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Help with apache and ldap authentication



I found I always had to turn AuthzLDAPAuthoritative Off for it to work
for me but our setup was slightly different. I use:

# turn on LDAP authentication and authorization module
AuthzLDAPEngine on

# define ldap server
AuthzLDAPServer server.com.au

# set the search base
AuthzLDAPUserBase dc=server,dc=com,dc=au

# define the search filter (ie what attribute to search in)
AuthzLDAPUserKey uid

# how to search through the name space
AuthzLDAPUserScope subtree

# ensure the authorization header is not re-written
AuthzLDAPSetAuthorization off

# we use ldap authentication and mod_access authorization
# to determine access so we need to ensure the process
# doesn't finish with mod_authz_ldap
AuthzLDAPAuthoritative off

AuthType basic
AuthName "Something"
require user someuser

Karl.


On Tue, 2006-06-20 at 15:03 -0400, Bliss, Aaron wrote:
> Yep, sorry I didn't mention that; the host running apache authenticates
> users fine to the ldap server both using ldap and ldaps; just can't get
> apache to talk to the ldap server.
> 
> Aaron
> 
> -----Original Message-----
> From: redhat-list-bounces redhat com
> [mailto:redhat-list-bounces redhat com] On Behalf Of Allen Chen
> Sent: Tuesday, June 20, 2006 2:29 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Help with apache and ldap authentication
> 
> Bliss, Aaron wrote:
> > I'm running redhat 3 es, apache and all modules including 
> > mod_authz_ldap are from system rpm's; I'm attempting to restrict 
> > access to a directory and would like to use ldap authentication; below
> 
> > is the relevant section of my httpd.conf file; I'm getting the box to 
> > enter my credentials when going to the web page, but it seems to be 
> > failing; any ideas?  Thanks very much.
> >
> > <directory /webroot/www/nessus_summary>  AuthType Basic  AuthName 
> > "Private Area"
> > # AuthUserFile /usr/local/sbin/htusers  AuthzLDAPEngine on  
> > AuthzLDAPServer "al-lnx-s11.preferredcare.org"
> >  AuthzLDAPBindDN "ou=users,dc=preferredcare,dc=org"
> >  #AuthzLDAPMapBase "ou=users,dc=preferredcare,dc=org"
> >  AuthzLDAPAuthoritative on
> >  AuthzLDAPSetAuthorization on
> >  Require valid-user
> > </directory>
> >
> > Confidentiality Notice:
> > The information contained in this electronic message is intended for
> the exclusive use of the individual or entity named above and may
> contain privileged or confidential information.  If the reader of this
> message is not the intended recipient or the employee or agent
> responsible to deliver it to the intended recipient, you are hereby
> notified that dissemination, distribution or copying of this information
> is prohibited.  If you have received this communication in error, please
> notify the sender immediately by telephone and destroy the copies you
> received.
> >
> >
> >   
> 
> Can you ping ldap server  al-lnx-s11.preferredcare.org from apache
> machine?
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 
> 




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]