FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 04-10-2008, 09:01 PM
"David Hl√°ńćik"
 
Default mod_auth_ldap Apache2 on CentOS 5 and require group

Hi, all,
¬*
1) it is CentOs 5.1
2) i am sure that LDAP is working according to error and access logs (when i will type bad user it will fail, when i will type bad password it will inform me about password mismath)
3) yes it is in correct <Location> directory
I am sending whole config file :
¬*
LoadModule dav_svn_module¬*¬*¬*¬* modules/mod_dav_svn.so
LoadModule authz_svn_module¬*¬* modules/mod_authz_svn.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.

<IfModule mod_dav_svn.c>¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*
# - uncomment location section below and modify it according to your situation.¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#¬*¬*¬* You will need to change at least the AuthLDAPURL parameter.¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
# Documentation of the LDAP module used, and its parameters, is available at¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*¬*¬*¬*¬*¬*
#¬* http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#¬* http://httpd.apache.org/docs/2.2/mod/mod_ldap.html¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*¬*
<Location /repo>¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*

¬*
#¬*¬*¬*¬*¬*¬* # enable Web DAV HTTP access methods
¬*¬*¬*¬*¬*¬*¬* DAV svn¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*
#¬*¬*¬*¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬* # repository location¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*

¬*¬*¬*¬*¬*¬*¬* SVNPath "/srv/polarion/svn/repo"¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬* # write requests from WebDAV clients result in automatic commits

¬*¬*¬*¬*¬*¬*¬* SVNAutoversioning on¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*
¬*¬*¬*¬*¬*¬*¬* AuthName "Subversion repository"¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#
#¬*¬*¬*¬*¬*¬* # per-directory access control
¬*¬*¬*¬*¬*¬*¬* AuthzSVNAccessFile "/srv/polarion/svn/access"¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*¬*¬*¬*¬*¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
¬*¬*¬*¬*¬*¬*¬* AuthType Basic¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*
¬*¬*¬*¬*¬*¬*¬* AuthBasicProvider ldap¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*
#¬*¬*¬*¬*¬*¬* # allow mod_authnz_ldap to decline group authentication so that Apache

#¬*¬*¬*¬*¬*¬* # will fall back to file authentication for checking group membership¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*¬*¬*¬*¬*¬* AuthzLDAPAuthoritative¬*¬* On
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

#¬*¬*¬*¬*¬*¬* AuthLDAPURL "ldap://yourExampleServer.com:389/ou=People,o=organization.org?uid"¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
#¬*¬*¬*¬*¬*¬* Require valid-user
#¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*

¬*¬*¬*¬*¬*¬*¬* AuthLDAPURL "ldap://server/ou=Users,o=Organization?uid"
¬*¬*¬*¬*¬*¬*¬* Require ldap-group "cn=tester2,ou=Groups,o=Organization"
¬*¬*¬*¬*¬*¬*¬* #Require ldap-dn cn=Hlacik David,ou=Users,o=Organization

¬*¬*¬*¬*¬*¬*¬* AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
¬*¬*¬*¬*¬*¬*¬* AuthLDAPBindPassword svn1
</Location>¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬ *¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*
¬*
¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬* ¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*¬*

¬*
</IfModule>


2008/4/10 Jim Perrin <jperrin@gmail.com>:


On Thu, Apr 10, 2008 at 2:35 PM, David Hl√°ńćik <david@hlacik.eu> wrote:



> Hi , i am facing a strange problem.
>
> I have centos , i wan to access svn trought apache using mod auth ldap.
>
> This is what i have configured
>
> ¬* ¬* ¬* ¬*AuthLDAPBindDN cn=svn,ou=Operators,o=Organization

> ¬* ¬* ¬* ¬* AuthLDAPBindPassword Pass1
> ¬* ¬* ¬* ¬* AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
> ¬* ¬* ¬* ¬* AuthLDAPGroupAttribute member
> ¬* ¬* ¬* ¬* AuthLDAPGroupAttributeIsDN on
> ¬* ¬* ¬* ¬* ¬*Require group cn=tester2,ou=Groups,o=Organization

>
> What is strange?
>
> According to doc it will accept only users which DN is in group
> cn=teste2,ou=Groups,o=Organization.
>
> How come, for me it will accept every one user from LDAP?

>
> Thanks in advance!

Is this for centos 4 or centos5?


--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 12:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org