hi
I have problem with mod_authz_ldap with this setup:
<Directory /var/www/html/weby_2005>
AuthzLDAPServer "ldap:389"
AuthzLDAPUserBase dc=group,dc=cz
AuthzLDAPBindDN uid=ds,ou=People,dc=group,dc=cz
AuthzLDAPBindPassword XXXXX
AuthzLDAPUserKey uid
AuthzLDAPUserScope subtree
AuthzLDAPLogLevel debug
# needed for user auth
AuthzLDAPMethod ldap
# needed for group auth
AuthzLDAPMethod ldap
AuthzLDAPGroupBase ou=Groups,dc=group,dc=cz
AuthzLDAPGroupKey cn
# map users to the uid uid for membership checking
AuthzLDAPMapUserToAttr uid
AuthzLDAPSetGroupAuth map
# this means that the memberUid attribute must match the uid
# (which is the result of the map operation)
AuthzLDAPMemberKey memberUid
AuthType basic
AuthName "Katalog"
<Limit GET POST>
deny from all
allow from all
#require user klima
require valid-user
#require group wprgs
</Limit>
</Directory>
When I use "require valid-user" or "require group wprgs" it
works
perfectly (I can login with username "klima", but "require user
klima"
it replies "Forbidden".
What is weird that it ask for password one time and then just shows
"Forbiden" ... When I changed setting of Apache and reload it logs
without asking passwd ... (it looks like "Iam loged but cannot login")
--
Petr Kl?ma
e-mail: qaxi at seznam.cz
On Mon, Sep 26, 2005 at 01:03:52PM +0200, Petr Kl?ma enlightened us:> I have problem with mod_authz_ldap with this setup: > > <Directory /var/www/html/weby_2005>------------< snip <------< snip <------< snip <------------> <Limit GET POST> > deny from all > allow from all > #require user klima > require valid-user > #require group wprgs > </Limit> > > </Directory> > > > When I use "require valid-user" or "require group wprgs" it works > perfectly (I can login with username "klima", but "require user klima" > it replies "Forbidden". >Have you tried using the full dn for klima?> What is weird that it ask for password one time and then just shows > "Forbiden" ... When I changed setting of Apache and reload it logs > without asking passwd ... (it looks like "Iam loged but cannot login")Your web browser is likely caching your credentials. Matt -- Matt Hyclak Department of Mathematics Department of Social Work Ohio University (740) 593-1263
Petr Kl?ma napsal(a):> hi >Closest helping hand starts on your shoulder ... In APACHE is mod_auth_ldap ... it works for me ... except #require dn #require ldap-attribute but for now i do not care Petr Kl?ma e-mail: qaxi at seznam.cz
Reasonably Related Threads
- CEBA-2012:1389 CentOS 6 mod_authz_ldap FASTTRACK Update
- CEBA-2010:0880 CentOS 5 x86_64 mod_authz_ldap Update
- CEBA-2010:0880 CentOS 5 i386 mod_authz_ldap Update
- CEBA-2011:0482 CentOS 5 x86_64 mod_authz_ldap FASTTRACK Update
- CEBA-2011:0482 CentOS 5 i386 mod_authz_ldap FASTTRACK Update