
Re: [Fwd: Auth with group membership is failing.]



On Fri, 11 Apr 2003, tsg wrote:

> On Thursday, 10 April 2003 21:43, Brian Vandruff wrote:
> > Just some additional information:
> >
> > The apache group auth ldap works against 2.0.x server. It does not work
> > against 2.1.x servers.
> Try to use "set" instead of group. For me it was a solution.
> 

Well...I still get error 401 Forbidden. 

valid-user works, and neither the 'group' nor the 'set' requires work.

<Directory /var/www/html/secure>
# Authentication Realm and Type
	AuthName "Staff Area"
	AuthType Basic
	AuthLDAPURL ldap://some.host.com/dc=host,dc=com
#	require valid-user
	require group cn=staff,ou=groups,dc=host,dc=com
#	require set cn=staff,ou=groups,dc=host,dc=com
</Directory>

But the debug output looks very different. I have attached a text file 
containing debug output from the three different types of authentication.




using "require set" I get the following debug output:

Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 09:52:23 some.host slapd[16350]:     0 0 -1
Apr 11 09:52:23 some.host slapd[16350]:     filter: (&(objectClass=*)(uid=brian))
Apr 11 09:52:23 some.host slapd[16350]:     attrs:
Apr 11 09:52:23 some.host slapd[16350]:
Apr 11 09:52:23 some.host slapd[16348]: connection_get(15)
Apr 11 09:52:23 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=brian,ou=people,dc=host,dc=org
Apr 11 09:52:23 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""

using "require valid-user" I get the following debug output and a
successful authentication.

Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 09:54:13 some.host slapd[16350]:     0 0 -1
Apr 11 09:54:13 some.host slapd[16350]:     filter: (&(objectClass=*)(uid=scottm))
Apr 11 09:54:13 some.host slapd[16350]:     attrs:
Apr 11 09:54:13 some.host slapd[16350]:
Apr 11 09:54:13 some.host slapd[16348]: connection_get(9)
Apr 11 09:54:13 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=scottm,ou=people,dc=host,dc=org
Apr 11 09:54:13 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""

using "require group" I get FORBIDDEN and the following debug output:


Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: SRCH "dc=host,dc=org" 2 3
Apr 11 10:30:27 some.host slapd[16350]:     0 0 -1
Apr 11 10:30:27 some.host slapd[16350]:     filter: (&(objectClass=*)(uid=brian))
Apr 11 10:30:27 some.host slapd[16350]:     attrs:
Apr 11 10:30:27 some.host slapd[16350]:
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: ==> ldbm_back_bind: dn: uid=brian,ou=people,dc=host,dc=org
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=0 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (member) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=16 matched="" text=""
Apr 11 10:30:27 some.host slapd[16348]: connection_get(9)
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (uniqueMember) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1       "uid=brian,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=bruce,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=dustin,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=dadams,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2        "uid=michael,ou=People,dc=host,dc=org"   "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1       "uid=lisa,ou=People,dc=host,dc=org"      "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2        "uid=jeanine,ou=People,dc=host,dc=org"   "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=robert,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=vicki,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=anitra,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=scottm,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=randy,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1       "uid=kent,ou=People,dc=host,dc=org"      "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=steve,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=mandi,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=leslie,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 2        "uid=jessica,ou=People,dc=host,dc=org"   "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=leahr,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=brians,ou=People,dc=host,dc=org"    "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=cathy,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=5 matched="" text=""
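
Added example (not part of the original message or its attachment): a small Python triage of the "require group" log above. It pairs each do_compare with the result code that follows it and lists dnMatch lines whose two DNs differ only in letter case yet did not match. The sample lines are copied from that log; the result-code names are the standard LDAP ones, and comparing DNs by lowercasing is a simplifying assumption.

```python
import re

# Standard LDAP result-code names for the codes that appear in this log.
RESULT_NAMES = {0: "success", 5: "compareFalse", 6: "compareTrue", 16: "noSuchAttribute"}

COMPARE_RE = re.compile(
    r"do_compare: dn \((?P<dn>.*?)\) attr \((?P<attr>.*?)\) value \((?P<value>.*?)\)")
RESULT_RE = re.compile(r"send_ldap_result: err=(?P<err>\d+)")
DNMATCH_RE = re.compile(r'dnMatch (?P<rc>-?\d+)\s+"(?P<stored>[^"]*)"\s+"(?P<asserted>[^"]*)"')

# Lines copied from the "require group" debug output above.
SAMPLE = '''\
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (member) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=16 matched="" text=""
Apr 11 10:30:27 some.host slapd[16350]: do_compare: dn (cn=staff,ou=groups,dc=host,dc=org) attr (uniqueMember) value (uid=brian,ou=people,dc=host,dc=org)
Apr 11 10:30:27 some.host slapd[16350]: dnMatch -1       "uid=brian,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: dnMatch 1        "uid=bruce,ou=People,dc=host,dc=org"     "uid=brian,ou=people,dc=host,dc=org"
Apr 11 10:30:27 some.host slapd[16350]: send_ldap_result: err=5 matched="" text=""
'''


def triage(log_text):
    """Return (compares, case_only): each do_compare paired with the next
    send_ldap_result, and dnMatch misses where the DNs differ only in case."""
    compares, case_only = [], []
    pending = None
    for line in log_text.splitlines():
        m = COMPARE_RE.search(line)
        if m:
            pending = m.groupdict()
            continue
        m = DNMATCH_RE.search(line)
        if m:
            rc = int(m["rc"])
            # Assumption: lowercasing stands in for LDAP DN normalization.
            if rc != 0 and m["stored"].lower() == m["asserted"].lower():
                case_only.append((m["stored"], m["asserted"], rc))
            continue
        m = RESULT_RE.search(line)
        if m and pending is not None:
            err = int(m["err"])
            pending.update(err=err, result=RESULT_NAMES.get(err, "other"))
            compares.append(pending)
            pending = None
    return compares, case_only


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```
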