DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40603>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40603 Summary: AuthLDAPURL does not work with space-separated hosts Product: Apache httpd-2 Version: 2.2-HEAD Platform: PC OS/Version: FreeBSD Status: NEW Severity: normal Priority: P2 Component: mod_authz_ldap AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] [Note: this is actually a bug report for mod_authnz_ldap, which is not listed in the available components.] I am running httpd 2.2.3, built via the FreeBSD ports tree on an up-to-date FreeBSD 6.1 system using the following flags: make WITH_LDAP_MODULES=yes WITH_AUTH_MODULES=yes WITH_MISC_MODULES=yes WITH_SSL_MODULES=yes The documentation for mod_authnz_ldap says that multiple servers may be listed by separating them with spaces. This feature worked on a 2.2.2 system but I have not been able to make it work in 2.2.3. This setting: AuthLDAPURL ldaps://ldap0.foo.com ldap1.foo.com/ou=people,dc=foo,dc=com generates this error: [Mon Sep 25 14:08:40 2006] [alert] [client xxx.xxx.xxx.xxx] /foo/.htaccess: Invalid LDAP connection mode setting: must be one of NONE, SSL, or TLS/STARTTLS, referer: ... This setting: AuthLDAPURL "ldaps://ldap0.foo.com ldap1.foo.com/ou=people,dc=foo,dc=com" generates this error: [Mon Sep 25 14:12:46 2006] [warn] [client xxx.xxx.xxx.xxx] [94852] auth_ldap authenticate: user bar authentication failed; URI /foo/uri [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: ... This setting: AuthLDAPURL ldaps://ldap0.foo.com ldap1.foo.com/ou=people,dc=foo,dc=com SSL generates this error: [Mon Sep 25 14:13:02 2006] [alert] [client xxx.xxx.xxx.xxx] /foo/uri: AuthLDAPURL takes 1-2 arguments, URL to define LDAP connection. This should be an RFC 2255 complaint\nURL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n<ul>\n<li>Host is the name of the LDAP server. Use a space separated list of hosts \nto specify redundant servers.\n<li>Port is optional, and specifies the port to connect to.\n<li>basedn specifies the base DN to start searches from\n<li>Attrib specifies what attribute to search for in the directory. If not provided, it defaults to <b>uid</b>.\n<li>Scope is the scope of the search, and can be either <b>sub</b> or <b>one</b>. If not provided, the default is <b>sub</b>.\n<li>Filter is a filter to use in the search. If not provided, defaults to <b>(objectClass=*)</b>.\n</ul>\nSearches are performed using the attribute and the filter combined. For example, assume that the\nLDAP URL is <b>ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*)</b>. Searches will\nbe done using the filter <b>(&((posixid=*))(uid=<i>username</i>))</b>, where <i>username</i>\nis the user name passed by the HTTP client. The search will be a subtree search on the branch <b>ou=People, o=Airius</b>., referer: ... -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
