[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: auth_ldap problems
Dave Carrigan wrote:
>
> "Mark T. Johns" <xmtj@rims.com> writes:
>
> > Does anyone have experience using auth_ldap with apache and
> > openldap?
>
> I do :-)
>
> > I am getting errors in my apache error_log like this:
> >
> > [Thu Feb 24 15:34:24 2000] [alert] [client 10.0.3.195]
> > /home/httpd/html/calendar/.htaccess: LDAP URL has an invalid scope
> >
> > This is with a .htaccess that looks like this:
> >
> > AuthLDAPAuthoritative On
> > AuthLDAPURL ldap://rimsweb.rims.com:389/o=rims,c=US?cn?(objectclass=*)
>
> You're missing a question mark.
>
> The URL is of the format ldap://server/basedn?attr?scope?filter
>
> In your URL, it's treating "(objectclass=*)" as the scope. A correct URL
> would be
>
> ldap://rimsweb.rims.com:389/o=rims,c=US?cn??(objectclass=*)
>
> - or even -
>
> ldap://rimsweb.rims.com:389/o=rims,c=US?cn
Thanks. This is getting a little clearer.
>
> This will use the default "subtree" scope and set a default filter of
> "(objectclass=*)".
>
> > error: couldn't perform authentication. AuthType not set!: /calendar/
>
> You need to set the AuthType. This is very common; I think that the
> Apache docs somehow mislead people into thinking that AuthType is only
> for mod_auth. It's not, it's needed for all auth modules. Add this to
> your config:
>
> AuthType basic
Perhaps the next version of the auth_ldap docs could mention that
specifically. Are you accepting patches? ;-)
Thanks for the help.
-Mark
>
> --
> Dave Carrigan (dave@rudedog.org) | Yow! Edwin Meese made me wear
> UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | CORDOVANS!!
> Seattle, WA, USA |
> http://www.rudedog.org/ |
--
'Failure is _NOT_ an option. ...
... It comes bundled with every Microsoft product.'
--
Mark T. Johns, Webmaster, RIMS - http://www.rims.com/
email: xmtj@rims.com - BBS: http://rimsweb.rims.com/ubb/
voice: (630) 428-5389