Re: LDAP Authorization from Apache
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> The AuthLDAPBindDN and BindPassword attributes cause auth_ldap to bind to
> your LDAP directory as a non-anonymous user. In their absence, auth_ldap
> binds anonymously. Therefore, I suspect that your ACLs are not allowing
> anonymous binds from your Apache server, or are not allowing anonymous
> auth against the userPassword attribute and anonymous read against the
> cn attribute in the desired DIT branch.
Agree with that! That's probably the main problem here.
>
> If you are truly using auth_ldap and not mod_auth_ldap, I commend the
> auth_ldap docs to your attention:
>
> http://www.rudedog.org/auth_ldap/1.6/auth_ldap.html
There is a very nasty bug in auth_ldap that can be fixed, see
http://www.rudedog.org/pipermail/auth_ldap/2001-December/043545.html
> If not, I'm sure that there is similar available for mod_auth_ldap at
> httpd.apache.org or thereabouts.
In apache2, auth_ldap is part of the distro. The SAME bug is there. Search
apache-dev for 'auth_ldap remebers wrong dn', or:
http://www.mail-archive.com/dev@httpd.apache.org/msg18318.html
_ace
website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/9eIzy7boE8xtIjURAllGAKCfgj7vEcdTmbj1WX/fTglkeAgesgCfaFWX
Y72QqAZ9fEihUNXLheJuGfY=
=nIfY
-----END PGP SIGNATURE-----
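
The two bind modes discussed in this thread, as an added configuration example that is not part of the original messages. The host name, base DN, service account DN, password and directory path are constructed placeholders; the directive names are the ones the quoted text refers to.

```apache
# Constructed example: every host, DN, password and path below is a placeholder.
<Directory "/var/www/protected">
    AuthType Basic
    AuthName "LDAP protected area"

    # Where and how to look up the user: search base, attribute, scope.
    AuthLDAPURL ldap://ldap.example.com:389/ou=People,dc=example,dc=com?cn?sub

    # Mode 1 (anonymous search): leave out the two directives below.
    # auth_ldap then binds anonymously to find the user's entry, so the
    # directory ACLs must allow an anonymous client coming from this web
    # server to read cn under the search base. If they do not, every login
    # fails even with a correct password.

    # Mode 2 (service account search): bind as a dedicated account first.
    # The ACLs then only need to give this one DN read access to cn, and
    # anonymous read can stay closed. Give the account read-only rights on
    # the attributes used for the lookup and nothing else.
    AuthLDAPBindDN "cn=apache-lookup,ou=Services,dc=example,dc=com"
    AuthLDAPBindPassword "CHANGE-ME"

    # In both modes the password check itself is a bind as the user's own
    # DN, so the ACLs must still permit auth against userPassword.
    require valid-user
</Directory>
```

The bind password sits in the configuration in clear text, so the file holding it should be readable only by the account that starts the web server.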