DO NOT REPLY [Bug 42627] New: - Unable to authenticate using authz-ldap require group

Sun, 10 Jun 2007 17:12:10 -0700 

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=42627>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=42627

           Summary: Unable to authenticate using authz-ldap require group
           Product: Apache httpd-2
           Version: 2.2.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_ldap
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


Similar sounding to bug http://issues.apache.org/bugzilla/show_bug.cgi?id=40926,
I cannot authenticate using membership in a group. This used to work when I
first set it up (using some version of Apache 2.0.x), but now it does not.

My Group object looks like this:
cn=Post News,ou=Service 
Authentication,ou=Groups,dc=jamie-thompson,dc=co,dc=uk,dc=.
cn: Post News
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: 
uid=testuser,ou=People,ou=Accounts,dc=jamie-thompson,dc=co,dc=uk,dc=.

My .htaccess looks like this:
<FilesMatch "postnews">
        #AuthLDAPBindDN <admin dn>
        #AuthLDAPBindPassword <admin password>

        AuthLDAPURL
ldap://localhost/ou=People,ou=Accounts,dc=jamie-thompson,dc=co,dc=uk,dc=.?uid
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthName "Permission to post new news items"
        Require group
cn=Post%20News,ou=Service%20Authentication,ou=Groups,dc=jamie-thompson,dc=co,dc=uk,dc=.
        #require user testuser
</FilesMatch>

I have worked through the bug I mentioned earlier, but I was unable to resolve
my issue and get things working. I have tried specifying my admin DN in case in
was a permission issue, but this made no difference.  I also tried both
ldap-group and group, but this made no difference either. Adding in the
require-user works, but that is a separate bit of functionality so I would
expect it to. My group URL used to have unescaped spaces in it, so I have tried
escaping them, but still this has not helped.

I also turned on the ldap cache info feature, and this shows only the search
urls. I have the DN of my user account, and nothing under compares or dn 
compares.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to