List: apache-httpd-users
Subject: Re: [users@httpd] Assistance with file + ldap auth config moving from httpd 2.2 to 2.4
From: Eduardo Mayoral <emayoral () arsys ! es>
Date: 2017-10-16 8:16:23
Message-ID: 68c5796b-d72a-435a-a4e9-2ca0a6b2906c () arsys ! es
Thanks to everybody for their support. With trace8 loglevel I saw the
problem was with the Active directory group membership. I reverted to
what I was using in apache 2.2 for that part:
Require ldap-filter memberOf:1.2.840.113556.1.4.1941:=cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
Also, I removed AuthBasicAuthoritative off because it caused non-existent users to
produce a 500 error instead of a 401.
Again, thank you very much for the help!
Eduardo Mayoral Jimeno (emayoral@arsys.es)
Administrador de sistemas. Departamento de Plataformas. Arsys internet.
+34 941 620 145 ext. 5153
On 13/10/17 18:10, Eric Covener wrote:
> Can you crank up the loglevel to trace8? I believe there are some
> spurious error messages when authz modules are reporting their
> individual results vs. getting rolled up to RequireAny.
>
> On Fri, Oct 13, 2017 at 11:46 AM, Eduardo Mayoral <emayoral@arsys.es> wrote:
> > Hi, Eric,
> >
> > Thanks for your fast answer. The reason for the provider aliases is
> > that once I get this config working I would like to re-use it for about
> > 6 different directories.
> >
> > However, I have tried to flatten the configuration according to your
> > suggestion. I repeated the tests, exact same result. Flattened config
> > follows:
> >
> > AuthType Basic
> > AuthName "Xymon user"
> >
> > AuthBasicProvider file ldap
> > AuthBasicAuthoritative off
> >
> > AuthLDAPURL "ldap://REDACTED:3268 REDACTED:3268/DC=arsyslan,DC=es?sAMAccountName?sub?(objectClass=*)" NONE
> > AuthLDAPBindDN "REDACTED@arsyslan.es"
> > AuthLDAPBindPassword "REDACTED"
> > AuthLDAPGroupAttributeIsDN on
> > AuthLDAPGroupAttribute member
> > AuthLDAPMaxSubGroupDepth 3
> >
> > AuthUserFile /etc/xymon/xymonusers.htpasswd
> > AuthGroupFile /etc/xymon/xymongroups.htpasswd
> >
> >
> > <RequireAny>
> > Require group XymonUsers
> > Require ldap-group cn=XymonAccess,OU=Aplicaciones,OU=Usuarios,DC=arsyslan,DC=es
> > </RequireAny>
> >
> >
> > Eduardo Mayoral Jimeno (emayoral@arsys.es)
> > Administrador de sistemas. Departamento de Plataformas. Arsys internet.
> > +34 941 620 145 ext. 5153
> >
> > On 13/10/17 16:47, Eric Covener wrote:
> > > On Fri, Oct 13, 2017 at 10:06 AM, Eduardo Mayoral <emayoral@arsys.es> wrote:
> > > > Hi,
> > > >
> > > > I am trying to move a web application from httpd 2.2 to httpd 2.4 ,
> > > I don't think all of those provider-aliases are necessary. Did you
> > > try a simpler/more direct port of the config?
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > >
> >