With a lot of searching I found the correct syntax is:
AuthLDAPUrl "ldaps://evregistryprda.cyber.example.com.cyber.example.com:1636 chregistryprda.cyber.example.com.cyber.example.com:1636 evregistryprdb.cyber.example.com.cyber.example.com:1636 chregistryprdb.cyber.example.com.cyber.example.com:1636/dc=example,dc=com?uid?sub?(objectclass=*)"
Darryl Baker, GSEC (he/him/his)
Sr. System Administrator
Distributed Application Platform Services
Northwestern University
1800 Sherman Ave.
Suite 6-600 – Box #39
Evanston, IL 60201-3715
[email protected]
(847) 467-6674
On 8/26/20, 2:24 PM, "Darryl Philip Baker" <[email protected]> wrote:
I have been experimenting and I can get the AuthLDAPURL line to work if I
have only one host:port listed. Two or more fail. Has anyone gotten multiple
host:port entries in the AuthLDAPURL argument list?
The documentation says:
host:port
The name/port of the ldap server (defaults to localhost:389 for ldap, and
localhost:636 for ldaps). To specify multiple, redundant LDAP servers, just
list all servers, separated by spaces. mod_authnz_ldap will try connecting to
each server in turn, until it makes a successful connection. If multiple ldap
servers are specified, then entire LDAP URL must be encapsulated in double
quotes.
On 8/26/20, 10:39 AM, "Darryl Philip Baker" <[email protected]> wrote:
All I get is:
AH00526: Syntax error on line 131 of /opt/rh/httpd24/root/etc/httpd/conf.d/ldapdir.conf:
Bad LDAP URL while parsing.
On 8/26/20, 10:36 AM, "Eric Covener" <[email protected]> wrote:
On Wed, Aug 26, 2020 at 11:34 AM Darryl Philip Baker <[email protected]> wrote:
>
> I am trying to port a configuration from Apache 2.2 to Apache 2.4 that is used for LDAP authentication, but I have little knowledge of LDAP. I can translate “Order deny,allow” and “Deny from All”. I have found that “AuthzLDAPAuthoritative off” has been removed from Apache 2.4. I am getting a syntax error on the AuthLDAPUrl line. From one of the examples I found, do I need to change from a Directory block to a Location block?
>
> Here is what the stanza is in Apache 2.2
>
> <Directory "/usr/local/www/docs/it/snaps">
> Options -Indexes +FollowSymLinks +ExecCGI +Includes
> Order deny,allow
> Deny from All
> AuthName "Enter Your Netid and Password"
> AuthType basic
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthLDAPBindDN "cn=sanitycheck, ou=Service, dc=example, dc=com"
> AuthLDAPBindPassword "tmd+pkx"
> AuthLDAPUrl "ldaps://evregistryprda.cyber.example.com.cyber.example.com:1636 ldaps://chregistryprda.cyber.example.com.cyber.example.com:1636 ldaps://evregistryprdb.cyber.example.com.cyber.example.com:1636 ldaps://chregistryprdb.cyber.example.com.cyber.example.com:1636/dc=example,dc=com?uid?sub?(objectclass=*)"
> Require valid-user
> Satisfy any
> </Directory>
>
Should be no difference. Can you share the verbatim error message you get from `apachectl -t`?
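To make the syntax rule the thread settles on concrete, here is an added Python example; it is not from the thread or from the httpd project. It parses an AuthLDAPUrl argument the way the mod_authnz_ldap documentation quoted above describes it (the scheme once, then space-separated host:port entries, then the RFC 2255 suffix), rejects the form from the 2.2 stanza that repeats the scheme in front of every host, and renders the Apache 2.4 equivalent of that stanza, where a single Require valid-user replaces Order/Deny/Satisfy and the removed AuthzLDAPAuthoritative is dropped. The host names, bind DN and directory path in the samples are constructed; the defaults it fills in (port 389/636 by scheme, attribute uid, scope sub, filter (objectclass=*)) follow the module's documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Defaults documented for AuthLDAPUrl in mod_authnz_ldap.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
DEFAULT_ATTRIBUTE = "uid"
DEFAULT_SCOPE = "sub"
DEFAULT_FILTER = "(objectclass=*)"
HOST_RE = re.compile(r"^[A-Za-z0-9.\-]+(?::\d{1,5})?$")

# Constructed sample inputs: the working form (scheme once, hosts separated by
# spaces) and the failing form from the thread (scheme repeated per host).
WORKING_URL = ('"ldaps://ldap1.example.com:1636 ldap2.example.com:1636'
               '/dc=example,dc=com?uid?sub?(objectclass=*)"')
BROKEN_URL = ('"ldaps://ldap1.example.com:1636 ldaps://ldap2.example.com:1636'
              '/dc=example,dc=com?uid?sub?(objectclass=*)"')


@dataclass
class LdapUrl:
    scheme: str
    hosts: List[Tuple[str, int]]
    basedn: str = ""
    attribute: str = DEFAULT_ATTRIBUTE
    scope: str = DEFAULT_SCOPE
    filter: str = DEFAULT_FILTER


def parse_auth_ldap_url(value: str) -> LdapUrl:
    """Parse an AuthLDAPUrl argument: one scheme, one or more space-separated
    host[:port] entries, then an optional /basedn?attribute?scope?filter.
    Raises ValueError with a reason when the form is wrong."""
    url = value.strip()
    if len(url) >= 2 and url[0] == url[-1] == '"':
        url = url[1:-1]
    m = re.match(r"^(ldaps?)://(.*)$", url, re.DOTALL)
    if not m:
        raise ValueError("URL must start with ldap:// or ldaps://")
    scheme, rest = m.group(1), m.group(2)
    if "://" in rest:
        # The thread's mistake: the scheme belongs once, before the whole
        # host list, not in front of each redundant server.
        raise ValueError("scheme must appear once, before the space-separated host list")
    host_part, _, path = rest.partition("/")
    hosts: List[Tuple[str, int]] = []
    for token in host_part.split():
        if not HOST_RE.match(token):
            raise ValueError(f"bad host entry {token!r}")
        name, _, port = token.partition(":")
        hosts.append((name, int(port) if port else DEFAULT_PORT[scheme]))
    if not hosts:  # documented default when no host is given
        hosts.append(("localhost", DEFAULT_PORT[scheme]))
    # RFC 2255 suffix: basedn?attribute?scope?filter, every part optional.
    parts = path.split("?", 3) + ["", "", "", ""]
    basedn, attribute, scope, filt = parts[:4]
    if scope and scope not in ("one", "sub", "base"):
        raise ValueError(f"unsupported scope {scope!r}")
    return LdapUrl(
        scheme=scheme,
        hosts=hosts,
        basedn=basedn,
        attribute=attribute or DEFAULT_ATTRIBUTE,
        scope="one" if scope == "one" else DEFAULT_SCOPE,  # base is treated as sub
        filter=filt or DEFAULT_FILTER,
    )


def build_auth_ldap_url(u: LdapUrl) -> str:
    """Render the documented single-line form, double-quoted (the quotes are
    required whenever more than one host is listed)."""
    hosts = " ".join(f"{name}:{port}" for name, port in u.hosts)
    return f'"{u.scheme}://{hosts}/{u.basedn}?{u.attribute}?{u.scope}?{u.filter}"'


def render_24_stanza(directory: str, u: LdapUrl, bind_dn: str, auth_name: str) -> str:
    """Apache 2.4 form of the thread's 2.2 stanza: Order/Deny/Satisfy and the
    removed AuthzLDAPAuthoritative are gone, Require valid-user alone carries
    the policy. The bind password is a placeholder to be supplied separately."""
    lines = [
        f'<Directory "{directory}">',
        "    Options -Indexes +FollowSymLinks +ExecCGI +Includes",
        f'    AuthName "{auth_name}"',
        "    AuthType basic",
        "    AuthBasicProvider ldap",
        f'    AuthLDAPBindDN "{bind_dn}"',
        '    AuthLDAPBindPassword "REPLACE_WITH_BIND_PASSWORD"',
        f"    AuthLDAPUrl {build_auth_ldap_url(u)}",
        "    Require valid-user",
        "</Directory>",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_auth_ldap_url(WORKING_URL)
    print(render_24_stanza("/usr/local/www/docs/it/snaps", parsed,
                           "cn=sanitycheck,ou=Service,dc=example,dc=com",
                           "Enter Your Netid and Password"))
    try:
        parse_auth_ldap_url(BROKEN_URL)
    except ValueError as err:
        print("rejected:", err)
```

Running the script prints the 2.4 stanza for the working URL and then the rejection reason for the broken one; the rejection fires before any host is inspected, because a second `://` anywhere after the leading scheme is exactly what the documentation's "list all servers, separated by spaces" rules out.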
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]