[Date Prev][Date Next] [Chronological] [Thread] [Top]

Apache authentication?

Hi all,

(Please tell me if this isn't the appropriate forum for this question!)

I'm running slapd/OpenLDAP 2.0.27 on Debian unstable.

I'm trying to get Apache to authenticate against the server using
the auth_ldap_module.  I have the following sections in my Apache 1.3.x

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks ExecCGI
        AllowOverride None
        AuthType Basic
        AuthName "Paul's Area"
        AuthLDAPAuthoritative On
        AuthLDAPURL ldap://localhost/ou=people,dc=foo,dc=com
        Satisfy All
        Require valid-user

    Alias /admin/ /var/www/admin
    <Directory /admin/>
        Options FollowSymLinks ExecCGI
        AllowOverride None
        AuthType Basic
        AuthName "Paul's Secret Admin Area"
        AuthLDAPAuthoritative On
        AuthLDAPURL ldap://localhost/cn=Admins,dc=foo,dc=com
        AuthLDAPGroupAttributeIsDN On
        Satisfy All
        Require group cn=Admins,dc=foo,dc=com

What I want to effectively do is have the root of the web site 
require LDAP password authentication, but further restrict one
directory (/adnin/ ) only to those in the Admin group.

I have the LDAP authentication/authorization working just fine, 
except that it seems to only match against the root directives and 
never tries to match against the /admin/ directives.

Interestingly, when I connect to the URL http://localhost/admin
it prompts me for a username/password pair (though specifies the 
AuthName as specified for DocumentRoot).  I enter a user who is 
specifically *not* in the LDAP 'Admin' group, and it fails, prompting 
me again for valid creds for exactly the same AuthName.  Yet when I 
enter exactly the same creds in again, if succeeds for some reason.

Any ideas?  Anyone else doing this successfully?


Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!