Thanks so much for helping me with this, Matt. Here is the error log (there’s nothing much in the access log):
# more /var/log/httpd/error_log
[Sun Oct 26 19:28:14 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Oct 26 19:28:14 2014] [info] Init: Seeding PRNG with 256 bytes of entropy
[Sun Oct 26 19:28:14 2014] [info] Init: Initializing (virtual) servers for SSL
[Sun Oct 26 19:28:14 2014] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.1e-fips
[Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config()
[Sun Oct 26 19:28:14 2014] [notice] Digest: generating secret for digest authentication ...
[Sun Oct 26 19:28:14 2014] [notice] Digest: done
[Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxxx.temple.edu
[Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxtemple.edu
[Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxxx.temple.edu
[Sun Oct 26 19:28:14 2014] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Sun Oct 26 19:28:14 2014] [info] LDAP: SSL support available
[Sun Oct 26 19:28:14 2014] [info] Init: Seeding PRNG with 256 bytes of entropy
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(310): subcache_size = 15992
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 3208
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 12784
[Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Sun Oct 26 19:28:14 2014] [info] Shared memory session cache initialised
[Sun Oct 26 19:28:14 2014] [info] Init: Initializing (virtual) servers for SSL
[Sun Oct 26 19:28:14 2014] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.1e-fips
[Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config()
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15914 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15914 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15913 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15913 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15915 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15915 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15916 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15916 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15912 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15912 for (*)
[Sun Oct 26 19:28:14 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Sun Oct 26 19:28:14 2014] [info] Server built: Aug 15 2014 03:02:07
[Sun Oct 26 19:28:14 2014] [debug] prefork.c(1018): AcceptMutex: sysvsem (default: sysvsem)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15917 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15917 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15918 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15918 for (*)
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15919 for worker proxy:reverse
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
[Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15919 for (*)
[Sun Oct 26 19:29:50 2014] [info] removed PID file /etc/httpd/run/httpd.pid (pid=15910)
[Sun Oct 26 19:29:50 2014] [notice] caught SIGTERM, shutting down
[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1911): entering cas_cleanup()
[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1926): exiting cas_cleanup()

From: Matt Smith [mailto:[email protected]]
Sent: Sunday, October 26, 2014 7:16 PM
To: [email protected]
Subject: Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application

Hello Niva,

Could you turn on
debugging (CASDebug On), set your LogLevel to debug, run the test again (without LDAP params), and send the logs?

-Matt

On Sun, Oct 26, 2014 at 5:56 PM, Niva Agmon <[email protected]> wrote:

Removed the AuthLDAPurl line and left “require ldap-user xxxxx” - still getting the same “Authorization Required” message.
When the “require user” statement is removed the CAS login is bypassed and I enter the application directly.

Thanks,
Niva

From: Matt Smith [mailto:[email protected]]
Sent: Sunday, October 26, 2014 3:10 PM
To: [email protected]
Subject: Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application

Can you verify if mod_auth_cas works by itself by removing the AuthLDAPurl line and using simply "Require user xXxX" ?

-Matt

On Oct 26, 2014 2:13 PM, "Niva" <[email protected]> wrote:

Hello,

I'm trying to casify a webapp which is served by apache, but am getting "Authorization Required" after entering the ldap credentials to the CAS Login page.

ssl_request.log & ssl_access.log on the application server show:

TLSv1 AES128-SHA "GET /?ticket=ST-64-gJfvc1OeAtjgo2Qdx7aS-np-casxxxx HTTP/1.1" 484 (

This is what's in the ssl.conf:

<Directory "/var/www/html">
    Order allow,deny
    Allow from all
    AuthType CAS
    AuthName "TEST CAS AUTH"
    AuthLDAPURL ldaps://ldap.example.com:636/ou=People,dc=example,dc=com?uid?one?
    require ldap-user xxxxx
</Directory>

Is there another directive/parameter that will allow authorization and not just authentication?
Setup:
Red Hat Enterprise Linux Server release 6.5 (Santiago)
Apache 2.2
mod_auth_cas-1.0.9.1 (tried mod_auth_cas-1.0.10.0 unsuccessfully)
mod_authz_ldap

Thanks,
Niva

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

--
[email protected]
PGP: E2144AD8
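
Added example, not part of the thread and not the project's code: a small Python triage script for an Apache 2.2 error_log pasted as run-together text like the one above. It counts entries per source file and reports whether the capture holds any mod_auth_cas.c lines other than the two lifecycle functions visible in that log (check_vhost_config, cas_cleanup); the sample input is an excerpt of the posted log, and the function and key names are this example's own.

```python
import re
from collections import Counter

TS = r"[A-Z][a-z]{2} [A-Z][a-z]{2} \d{1,2} [\d:]{8} \d{4}"
# Apache 2.2 entry: [timestamp] [level], optional "file.c(line): " prefix, then the message.
ENTRY = re.compile(
    r"\[(?P<ts>" + TS + r")\] \[(?P<level>[a-z]+)\] "
    r"(?:(?P<src>\w+\.c)\((?P<line>\d+)\): )?"
    r"(?P<msg>.*?)(?= \[" + TS + r"\] \[|$)"
)
# The only mod_auth_cas functions that appear in the posted log (startup and shutdown).
LIFECYCLE = ("check_vhost_config", "cas_cleanup")


def parse(text):
    """Split run-together error_log text into entries, tolerating stray line breaks."""
    flat = " ".join(text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]


def cas_summary(entries):
    """Count entries per source file and mod_auth_cas lines outside startup/shutdown."""
    cas = [e for e in entries if e["src"] == "mod_auth_cas.c"]
    other = [e for e in cas if not any(fn in e["msg"] for fn in LIFECYCLE)]
    return {
        "total": len(entries),
        "by_source": Counter(e["src"] or "(no source prefix)" for e in entries),
        "cas_lines": len(cas),
        "cas_non_lifecycle_lines": len(other),
    }


# Excerpt of the log posted above, left run together (including a break inside a timestamp).
SAMPLE = (
    "[Sun Oct 26 19:28:14 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) "
    "[Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config() "
    "[Sun Oct \n26 19:28:14 2014] [debug] ssl_scache_shmcb.c(316): index_num = 133 "
    "[Sun Oct 26 19:29:50 2014] [notice] caught SIGTERM, shutting down "
    "[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1911): entering cas_cleanup() "
    "[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1926): exiting cas_cleanup()"
)

if __name__ == "__main__":
    for key, value in cas_summary(parse(SAMPLE)).items():
        print(key, value)
```

A value of 0 for cas_non_lifecycle_lines means the capture holds no mod_auth_cas debug output beyond startup and shutdown.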
