[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: auth_ldap problems



"Mark T. Johns" <xmtj@rims.com> writes:

> Does anyone have experience using auth_ldap with apache and
> openldap?

I do :-)

> I am getting errors in my apache error_log like this:
> 
> [Thu Feb 24 15:34:24 2000] [alert] [client 10.0.3.195]
> /home/httpd/html/calendar/.htaccess: LDAP URL has an invalid scope
> 
> This is with a .htaccess that looks like this:
> 
> AuthLDAPAuthoritative On
> AuthLDAPURL ldap://rimsweb.rims.com:389/o=rims,c=US?cn?(objectclass=*)

You're missing a question mark.

The URL is of the format ldap://server/basedn?attr?scope?filter

In your URL, it's treating "(objectclass=*)" as the scope. A correct URL
would be

 ldap://rimsweb.rims.com:389/o=rims,c=US?cn??(objectclass=*)

  - or even -

 ldap://rimsweb.rims.com:389/o=rims,c=US?cn

This will use the default "subtree" scope and set a default filter of
"(objectclass=*)".

> error:  couldn't perform authentication. AuthType not set!: /calendar/

You need to set the AuthType. This is very common; I think that the
Apache docs somehow mislead people into thinking that AuthType is only
for mod_auth. It's not, it's needed for all auth modules. Add this to
your config:

  AuthType basic

-- 
Dave Carrigan (dave@rudedog.org)            | Yow! Edwin Meese made me wear
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | CORDOVANS!!
Seattle, WA, USA                            | 
http://www.rudedog.org/                     |