Dear co-listers, I'm trying to migrate LDAP authorizations from Apache to Cherokee.
Before beginning, you need to know that, in my case, users' logins are stored in the "cn" attribute of LDAP records. In Apache, this was handled by the following directive:

    AuthLDAPURL ldap://ldap.acme.org/dc=acme,dc=org?cn

Then, depending on URLs and methods, I used in Apache one of the following statements:

- require valid-user
- require ldap-user <ldap common name>
- require ldap-group cn=<group name>,dc=acme,dc=org

I haven't been very lucky in translating them into Cherokee...

For the first one, the bind must be done by the user himself. So I thought it would be something like this in Cherokee:

    bind domain: cn=${user},dc=acme,dc=org
    bind password: ${password}
    base domain: dc=acme,dc=org

I would have used an empty filter, but I get a configuration exception. So I tried with (), (cn=${user}) and even with (objectClass=*). After using one of them, I can start Cherokee, but I get an error 500 when I get the resource.

I know it works when the bind is done by the admin, but it's not what is done by Apache, and it's not what I want to do... I don't like having admin passwords in config files...

I also tried to translate the second statement (here I used admin bind to keep things simple). I filled in the users lists in authentication details, and what I got was a configuration exception.

As for the third statement, I don't even have a hint of how it could be done.

I must admit I'm completely lost. So far, setting up Cherokee was quite a bit easier than setting up Apache (for reverse proxies, complex rewrite rules, etc.). Therefore, I cannot imagine it is so hard to translate what were one-liners in Apache. I must have missed something...

Any help would be warmly welcomed :)

Regards,
Aurélien
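The following sketch is an added example, not part of the message above and not Apache or Cherokee code. It models the three "require" forms from the post as "bind as the user, then apply an authorization check", using the post's DN template. The in-memory DIRECTORY, the function names and the "member" group attribute are assumptions made for illustration.

```python
# Added illustration, not Apache or Cherokee code. DIRECTORY is constructed
# sample data standing in for the LDAP server; "member" as the group
# attribute is an assumption.
BASE_DN = "dc=acme,dc=org"
DIRECTORY = {
    "cn=alice,dc=acme,dc=org": {"userPassword": "alice-pw"},
    "cn=bob,dc=acme,dc=org": {"userPassword": "bob-pw"},
    "cn=admins,dc=acme,dc=org": {"member": ["cn=alice,dc=acme,dc=org"]},
}


def escape_rdn_value(value):
    """Escape a login for use as an RDN value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;=' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_dn(login):
    """Expand the bind template cn=${user},dc=acme,dc=org from the post."""
    return "cn=%s,%s" % (escape_rdn_value(login), BASE_DN)


def bind_as_user(login, password):
    """Simulated simple bind as the user; returns the bound DN or None."""
    entry = DIRECTORY.get(user_dn(login))
    # Reject empty passwords: a simple bind with a DN and no password is an
    # unauthenticated bind (RFC 4513) and some servers report it as success.
    if not password or entry is None or entry.get("userPassword") != password:
        return None
    return user_dn(login)


def authorize(login, password, users=None, group_dn=None):
    """No extra args: valid-user. users=[...]: ldap-user. group_dn: ldap-group."""
    dn = bind_as_user(login, password)
    if dn is None:
        return False
    if users is not None and login not in users:
        return False
    if group_dn is not None:
        return dn in DIRECTORY.get(group_dn, {}).get("member", [])
    return True
```

In a real setup the dictionary lookups become a bind and a search against the LDAP server; only the user's own credentials are needed as long as the directory lets users read the group entry.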
