[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Apache authentication?
Hi all,
(Please tell me if this isn't the appropriate forum for this question!)
I'm running slapd/OpenLDAP 2.0.27 on Debian unstable.
I'm trying to get Apache to authenticate against the server using
the auth_ldap_module. I have the following sections in my Apache 1.3.x
config:
DocumentRoot /var/www
<Directory />
Options FollowSymLinks ExecCGI
AllowOverride None
AuthType Basic
AuthName "Paul's Area"
AuthLDAPAuthoritative On
AuthLDAPURL ldap://localhost/ou=people,dc=foo,dc=com
Satisfy All
Require valid-user
</Directory>
Alias /admin/ /var/www/admin
<Directory /admin/>
Options FollowSymLinks ExecCGI
AllowOverride None
AuthType Basic
AuthName "Paul's Secret Admin Area"
AuthLDAPAuthoritative On
AuthLDAPURL ldap://localhost/cn=Admins,dc=foo,dc=com
AuthLDAPGroupAttributeIsDN On
Satisfy All
Require group cn=Admins,dc=foo,dc=com
</Directory>
What I want to effectively do is have the root of the web site
require LDAP password authentication, but further restrict one
directory (/adnin/ ) only to those in the Admin group.
I have the LDAP authentication/authorization working just fine,
except that it seems to only match against the root directives and
never tries to match against the /admin/ directives.
Interestingly, when I connect to the URL http://localhost/admin
it prompts me for a username/password pair (though specifies the
AuthName as specified for DocumentRoot). I enter a user who is
specifically *not* in the LDAP 'Admin' group, and it fails, prompting
me again for valid creds for exactly the same AuthName. Yet when I
enter exactly the same creds in again, if succeeds for some reason.
Any ideas? Anyone else doing this successfully?
Thanks,
--
Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.
If you're not having fun, you're not doing it right!