Re: [Fwd: Auth with group membership is failing.]
On Fri, 11 Apr 2003, tsg wrote:
> On Thursday, 10 April 2003 21:43, Brian Vandruff wrote:
> > Just some additional information:
> >
> > The apache group auth ldap works against 2.0.x server. It does not work
> > against 2.1.x servers.
> Try to use "set" instead of group. For me it was a solution.
>
Well...I still get error 401 Forbidden.
valid-user works, and neither the 'group' nor the 'set' requires work.
<Directory /var/www/html/secure>
# Authentication Realm and Type
AuthName "Staff Area"
AuthType Basic
AuthLDAPURL ldap://some.host.com/dc=host,dc=com
# require valid-user
require group cn=staff,ou=groups,dc=host,dc=com
# require set cn=staff,ou=groups,dc=host,dc=com
</Directory>
But the debug output looks very different. I have attached a text file
containing debug output from the three different types of authentication.
Using "require set" I get the following debug output:
Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 09:52:23 some.host slapd[16350]: 0 0 -1
Apr 11 09:52:23 some.host slapd[16350]: filter: (&(objectClass=*)(uid=brian))
Apr 11 09:52:23 some.host slapd[16350]: attrs:
Apr 11 09:52:23 some.host slapd[16350]:
Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=brian,ou=people,dc=host,dc=org
Apr 11 09:52:23 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Using "require valid-user" I get the following debug output and a
successful authentication.
Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 09:54:13 some.host slapd[16350]: 0 0 -1
Apr 11 09:54:13 some.host slapd[16350]: filter: (&(objectClass=*)(uid=scottm))
Apr 11 09:54:13 some.host slapd[16350]: attrs:
Apr 11 09:54:13 some.host slapd[16350]:
Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=scottm,ou=people,dc=host,dc=org
Apr 11 09:54:13 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Using "require group" I get FORBIDDEN and the following debug output:
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 10:30:27 some.host slapd[16350]: 0 0 -1
Apr 11 10:30:27 some.host slapd[16350]: filter: (&(objectClass=*)(uid=brian))
Apr 11 10:30:27 some.host slapd[16350]: attrs:
Apr 11 10:30:27 some.host slapd[16350]:
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=brian,ou=people,dc=host,dc=org
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (member) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=16 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (uniqueMember) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1 "uid=brian,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=bruce,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=dustin,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=dadams,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2 "uid=michael,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1 "uid=lisa,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2 "uid=jeanine,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=robert,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=vicki,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=anitra,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=scottm,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=randy,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1 "uid=kent,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=steve,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=mandi,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=leslie,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2 "uid=jessica,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=leahr,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=brians,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=cathy,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=5 matched="" text=""
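
An added example, not part of the original message: a small parser for slapd debug output in the format quoted above. It pairs each do_compare with the LDAP result code that follows it and lists stored member DNs that differ from the asserted value only by letter case. The result-code names are from RFC 4511; reading a nonzero dnMatch value as "not equal" is an assumption, and the function and field names are illustrative.

```python
import re

# LDAP result codes from RFC 4511 that matter for a compare operation.
RESULT_NAMES = {0: "success", 5: "compareFalse", 6: "compareTrue", 16: "noSuchAttribute"}

COMPARE_RE = re.compile(r"do_compare: dn \((.*?)\) attr \((.*?)\) value \((.*?)\)")
DNMATCH_RE = re.compile(r'dnMatch (-?\d+) "(.*?)" "(.*?)"')
RESULT_RE = re.compile(r"send_ldap_result: err=(\d+)")

# Sample lines in the slapd debug format quoted in the message above (abridged).
SAMPLE_LOG = """\
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (member) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=16 matched="" text=""
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (uniqueMember) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1 "uid=brian,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1 "uid=bruce,ou=People,dc=host,dc=org" "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=5 matched="" text=""
"""


def summarize_compares(log_text):
    """Pair each do_compare with its result code and any case-only DN near-misses."""
    records, current = [], None
    for line in log_text.splitlines():
        if (m := COMPARE_RE.search(line)):
            current = {"group": m.group(1), "attr": m.group(2),
                       "asserted": m.group(3), "case_only_mismatches": []}
        elif current is not None and (m := DNMATCH_RE.search(line)):
            rc, stored, asserted = int(m.group(1)), m.group(2), m.group(3)
            # Assumption: a nonzero dnMatch value means slapd judged the DNs unequal.
            if rc != 0 and stored != asserted and stored.lower() == asserted.lower():
                current["case_only_mismatches"].append(stored)
        elif current is not None and (m := RESULT_RE.search(line)):
            # The first result after a do_compare closes that compare record.
            code = int(m.group(1))
            current["result"] = RESULT_NAMES.get(code, f"err={code}")
            records.append(current)
            current = None
    return records


if __name__ == "__main__":
    for rec in summarize_compares(SAMPLE_LOG):
        print(rec["attr"], rec["result"], rec["case_only_mismatches"])
```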