search for: authldapurl

...ying this here first before moving to the apache list. Maybe someone of you use mod_authnz_ldap with multiple ldap servers declaration for redundancy. With one server declared it is working. Here is what I've tried for adding another one (space separated as read in the apache's doc) : .... AuthLDAPURL ldaps://ldap1.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo) ldaps://ldap2.example.com/ou=People,dc=example,dc=com?uid??(businessCategory=foo) .... Result: Syntax error on line 43 of /etc/httpd/conf.d/trac.conf: Invalid LDAP connection mode setting: must be one of NONE, SSL, o...

.../> Options FollowSymLinks AllowOverride None Require all granted Allow from all AuthName "AD authentication" AuthBasicProvider ldap AuthType Basic AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On AuthLDAPURL ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*) AuthLDAPBindDN cn=apache-connect,cn=Users,domain AuthLDAPBindPassword password require ldap-group cn=Nagios-Admins,cn=Users,domain and attempt to restart Apache. I get the follo...

Hi , i am facing a strange problem. I have centos , i wan to access svn trought apache using mod auth ldap. This is what i have configured AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword Pass1 AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require group cn=tester2,ou=Groups,o=Organization What is strange? According to doc it will accept only users which DN is in group cn=teste2,ou=Groups,o=Organiza...

...working configuration (thanks to http://httpd.apache.org/docs/2.4/en/mod/mod_authnz_ldap.html) First you need authnz_ldap module for Apache. <Location /> AuthName "AD authentication" AuthBasicProvider ldap AuthType Basic AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On AuthLDAPURL "ldap://addc1:3268/?sAMAccountName?sub AuthLDAPBindDN apache-connect at contoso.com AuthLDAPBindPassword password Require ldap-group CN=Sysadmins_GRP,OU=groups,OU=company,DC=contoso,DC=com </Location> Hope this will help someone and could be a good idea to update the wiki page.

...thRealms X.Y Krb5KeyTab /etc/apache2/apache.keytab KrbLocalUserMapping On AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDn On # Adding cn and displayName is optional, but provides the value # as environment variables to the script # e.g.: AUTHORIZE_DISPLAYNAME="John Doe" AuthLDAPURL ldaps://{ad-server}/CN=Users,DC=X,DC=Y?sAMAccountName,cn,displayName?sub?(objectClass=*) AuthLDAPBindDN CN=http-{servername},CN=Users,DC=X,DC=Y AuthLDAPBindPassword {password of user "http-{servername}"} require ldap-group cn={groupname},cn=Users,DC=X,DC=Y # Sends forbidden when Ker...

...ry. Achieved using realmd, SSSD and krb5-workstation together with a ktpass-generated keytab. Apache's mod_auth_kerb allows users to authenticate via their AD accounts, and authorise with "require user" directive. But so far we fail to authorise via AD group membership. i.e. adding AuthLDAPUrl and "require ldap-group" directives to httpd.conf results in access being denied. Using ldapsearch with GSSAPI (or password entry) works as expected. After looking at debug logs and tcpdump output, I (possibly incorrectly) put the issue down to being unsure how to get krb5_aname_to_local...

...AllowOverride None > Require all granted > Allow from all > AuthName "AD authentication" > AuthBasicProvider ldap > AuthType Basic > AuthLDAPGroupAttribute member > AuthLDAPGroupAttributeIsDN On > AuthLDAPURL > ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*) > AuthLDAPBindDN cn=apache-connect,cn=Users,domain > AuthLDAPBindPassword password > require ldap-group cn=Nagios-Admins,cn=Users,domain > > > and attempt...

...AllowOverride None > Require all granted > Allow from all > AuthName "AD authentication" > AuthBasicProvider ldap > AuthType Basic > AuthLDAPGroupAttribute member > AuthLDAPGroupAttributeIsDN On > AuthLDAPURL > ldap://dc1.domain.local/172.16.232.29:389/cn=Users,dc=domain?sAMAccountName?sub?(objectClass=*) > AuthLDAPBindDN cn=apache-connect,cn=Users,domain > AuthLDAPBindPassword password > require ldap-group cn=Nagios-Admins,cn=Users,domain Why are you bothering to us...

...far I've accomplished the following: - Setup httpd.conf to successfully authenticate against AD by passing my username/passwd. <Directory /var/www/html/secure> Allow from All AuthType Basic AuthName "Ldap test area" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldap://server:389/OU=OU=name,OU=area,DC=core,DC=test,DC=edu?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN "username at core" AuthLDAPBindPassword password require valid-user </Directory> - In addition, I used LikeWise software and was able to successfully join...

...onf are: <Location /logo.gif> # <--- change path as needed Order allow,deny Allow from all AuthBasicProvider ldap AuthType Basic AuthzLdapAuthoritative off AuthName "BackupPC login" AuthLDAPBindDN ldapb at centos.org AuthLDAPBindPassword myformerlysecretpasswordpostedtoworld AuthLDAPURL "ldap://10.XX.XX.XXX:389/DC=centos,DC=org?sAMAccountName?sub? (objectClass=*)" NONE require valid-user </Location> I have debug turned on. On startup I get: [root at backuppc httpd]# service httpd start Starting httpd: [Mon Oct 22 15:53:31 2007] [debug] mod_authnz_ldap.c(849):...

I'm (finally) getting around to putting a backup LDAP authentication server on my network. The backup uses syncrepl to grab the database, and to my eyes both LDAP servers answer read queries identically. I'm testing the client side of this configuration on virtual CentOS 5 i386 machine. /etc/ldap.conf reads ----- %< ----- base dc=DOMAIN,dc=com timelimit 30 bind_timelimit 30

...DAV svn SVNParentPath /srv/svn/repos </Location> <Location /repos/repo1> SSLRequireSSL AuthName "SVN Repo 1" AuthType Basic AuthLDAPBindDN cn=svnbind,cn=systemusers,dc=example,dc=com AuthLDAPBindPassword plaintextpassword AuthUserFile /etc/httpd/svnpasswd AuthLDAPURL "ldaps://ldapserver1.example.com/dc=example,dc=com?uid ldaps://ldapserver2.example.com/dc=example,dc=com?uid " AuthBasicProvider file ldap AuthzLDAPAuthoritative off AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On # READ <Limit OPTIONS PROPFIND GET REPORT&g...

James Hogarth wrote: > On 12 Apr 2016 16:29, "Scott Robbins" <scottro11 at gmail.com> wrote: >> On Tue, Apr 12, 2016 at 09:45:17AM +0200, Marcin Trendota wrote: >> > W dniu 11.04.2016 o 20:07, Scott Robbins pisze: <SNIP> > After various testing I ended up going with the Apache LDAP cache module > and doing the auth at the Apache level, not system. >

...uthz off DAV svn SVNPath /home/repos/subversion_free_avr AuthBasicAuthoritative off AuthBasicProvider socache external AuthExternal pwauth AuthnCacheProvideFor external AuthType Basic AuthName "Subversion repository" AuthLDAPURL ldap://ldap.our.domain/ou=Main,o=company AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=programmers,ou=group,ou=main,o=company #GroupExternal unixgroup #Require group programmers #Require valid-user #Auth...