Re: auth_ldap problems




Dave Carrigan wrote:
> 
> "Mark T. Johns" <xmtj@rims.com> writes:
> 
> > Does anyone have experience using auth_ldap with apache and
> > openldap?
> 
> I do :-)
> 
> > I am getting errors in my apache error_log like this:
> >
> > [Thu Feb 24 15:34:24 2000] [alert] [client 10.0.3.195]
> > /home/httpd/html/calendar/.htaccess: LDAP URL has an invalid scope
> >
> > This is with a .htaccess that looks like this:
> >
> > AuthLDAPAuthoritative On
> > AuthLDAPURL ldap://rimsweb.rims.com:389/o=rims,c=US?cn?(objectclass=*)
> 
> You're missing a question mark.
> 
> The URL is of the format ldap://server/basedn?attr?scope?filter
> 
> In your URL, it's treating "(objectclass=*)" as the scope. A correct URL
> would be
> 
>  ldap://rimsweb.rims.com:389/o=rims,c=US?cn??(objectclass=*)
> 
>   - or even -
> 
>  ldap://rimsweb.rims.com:389/o=rims,c=US?cn

Thanks. This is getting a little clearer.

> 
> This will use the default "subtree" scope and set a default filter of
> "(objectclass=*)".
> 
> > error:  couldn't perform authentication. AuthType not set!: /calendar/
> 
> You need to set the AuthType. This is very common; I think that the
> Apache docs somehow mislead people into thinking that AuthType is only
> for mod_auth. It's not, it's needed for all auth modules. Add this to
> your config:
> 
>   AuthType basic

Perhaps the next version of the auth_ldap docs could mention that
specifically. Are you accepting patches? ;-)

Thanks for the help.

-Mark

> 
> --
> Dave Carrigan (dave@rudedog.org)            | Yow! Edwin Meese made me wear
> UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | CORDOVANS!!
> Seattle, WA, USA                            |
> http://www.rudedog.org/                     |

--
'Failure is _NOT_ an option.   ... 
   ...   It comes bundled with every Microsoft product.'
--
Mark T. Johns, Webmaster, RIMS - http://www.rims.com/
email: xmtj@rims.com  - BBS: http://rimsweb.rims.com/ubb/
voice: (630) 428-5389
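
Added example (not part of the original thread, and not auth_ldap's own code): a small Python check that splits an AuthLDAPURL value into the positional ldap://server/basedn?attr?scope?filter fields described above, showing why the URL with one question mark missing is rejected with an invalid scope. The function names and the accepted scope keywords (base, one, sub, taken from RFC 2255) are assumptions.

```python
"""Added illustration; not auth_ldap's own parser."""
from urllib.parse import unquote

# Assumption: scope keywords as defined in RFC 2255.
VALID_SCOPES = {"base", "one", "sub"}
DEFAULT_SCOPE = "sub"                 # the "subtree" default named in the thread
DEFAULT_FILTER = "(objectclass=*)"    # default filter named in the thread


class LDAPURLError(ValueError):
    """Raised when a URL does not fit ldap://server/basedn?attr?scope?filter."""


def parse_ldap_url(url):
    """Split the URL into its fields, applying the defaults for empty ones."""
    prefix = "ldap://"
    if not url.lower().startswith(prefix):
        raise LDAPURLError("URL must start with ldap://")
    host, _, tail = url[len(prefix):].partition("/")
    if not host:
        raise LDAPURLError("missing server")
    # Fields are positional: an omitted field still needs its '?' separator.
    fields = tail.split("?", 3)
    fields += [""] * (4 - len(fields))
    basedn, attr, scope, filt = (unquote(f) for f in fields)
    scope = scope.lower() or DEFAULT_SCOPE
    if scope not in VALID_SCOPES:
        raise LDAPURLError("LDAP URL has an invalid scope: %r" % scope)
    return {"host": host, "basedn": basedn, "attr": attr or None,
            "scope": scope, "filter": filt or DEFAULT_FILTER}


def lint(url):
    """Return 'ok' or the error text, for use in a config check."""
    try:
        parse_ldap_url(url)
        return "ok"
    except LDAPURLError as exc:
        return str(exc)


if __name__ == "__main__":
    for u in (
        "ldap://rimsweb.rims.com:389/o=rims,c=US?cn?(objectclass=*)",   # from the thread: fails
        "ldap://rimsweb.rims.com:389/o=rims,c=US?cn??(objectclass=*)",  # corrected form
        "ldap://rimsweb.rims.com:389/o=rims,c=US?cn",                   # defaults applied
    ):
        print(lint(u), "<-", u)
```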