https://issues.apache.org/bugzilla/show_bug.cgi?id=47333
Summary: LDAP Authentication is not accepted when trying to use
credentials from different sources for one directory
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authz_ldap
AssignedTo: [email protected]
ReportedBy: [email protected]
I have the following configuration for protecting a directory with LDAP (see
below).
So basically we want valid users from the subtrees of both OU1 and OU2 to be able
to download our files. But only accounts belonging to OU1 are able to do it.
Accounts belonging to OU2 will get an access denied page. If we switch the order
of the "Directory" directives, it will work for OU2, but not for OU1.
<Directory "/srv/www/htdocs/some_system/">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user
</Directory>
<Directory "/srv/www/htdocs/some_system/">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user
</Directory>
On the other hand, we want the same scheme to work for cgi-bin and all scripts
in it (see below). And this time it works for both OU1 and OU2.
So why do we have such a difference between executing scripts and just downloading
files?
<Directory "/srv/www/cgi-bin/some_system/">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user
</Directory>
<Directory "/srv/www/cgi-bin/some_system/">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "SOME SYSTEM"
AuthType Basic
AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
AuthLDAPBindPassword "password"
AuthzLDAPAuthoritative off
Require valid-user
</Directory>
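Added example, not part of the original report and not the project's own configuration: one way to express "valid users from OU1 or OU2" in a single Directory section is to define each search base as a named authentication provider with the AuthnProviderAlias directive and list both in AuthBasicProvider. The alias names ldap-ou1 and ldap-ou2 are hypothetical; the server name, DNs and password are the placeholders from the report.

```apache
# One aliased LDAP provider per search base (alias names are hypothetical).
<AuthnProviderAlias ldap ldap-ou1>
    AuthLDAPUrl "ldap://servername:389/OU=OU1,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
    AuthLDAPBindPassword "password"
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-ou2>
    AuthLDAPUrl "ldap://servername:389/OU=OU2,DC=intra,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=authuser1,OU=Other Accounts,OU=OU1,DC=intra,DC=local"
    AuthLDAPBindPassword "password"
</AuthnProviderAlias>

# A single section for the path, instead of two sections with the same path.
<Directory "/srv/www/htdocs/some_system/">
    Options Indexes FollowSymLinks
    AllowOverride None
    AuthName "SOME SYSTEM"
    AuthType Basic
    # Providers are tried in the order listed: the OU2 search runs
    # only when the user is not found under OU1.
    AuthBasicProvider ldap-ou1 ldap-ou2
    # Only valid-user is used here: the aliases configure authentication,
    # and their settings are not passed on to Require ldap-* checks.
    Require valid-user
</Directory>
```

Both the service account password and the Basic credentials cross the network in clear text with plain ldap:// and http://, so TLS on both legs and a read-only bind account are worth checking when adopting this layout.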