[Date Prev][Date Next]
Re: Invalid dn errors for valid dns?
> Your problem has nothing to do with OpenLDAP software, but rather with
> auth_ldap (improper) usage. The "require group" directive refers to a
And, just for posterity's sake, I'll enumerate all of the mistakes that I
First, the class -- as you said -- must be groupOfNames, and the member
attribute fully qualified DNs. The LDAP entry now looks like:
dn: cn=svnTLR, ou=Group, dc=germane-software, dc=com
Second, the Apache docs clearly state that you're to not put quotes around
the group name. Elsewhere, I read that you're also not supposed to add
the base name, as auth_ldap does that for you, but that appears to be
incorrect, and it doesn't say this in the auth_ldap documentation from
Apache. The Apache configuration part now looks like this:
AuthName "Sean test"
Require group cn=svnTLR, ou=Group, dc=germane-software, dc=com
Incidently, the following AuthLDAPURL also works; I don't know why. Is
auth_ldap ignoring the query?
Thanks again for the help. I have to admit that I find the OpenLDAP log
messages to be cryptic, but it it sweet when I get it to work.