06-20-2005
OpenLDAP and Apache
Hello!
I'm starting to panic here!
I'm trying to authorize Subversion (via apache) users at my company here via LDAP.
Sure everything works when just authorizing users with require valid-user
But! That is not what I'm looking for, I wish to Authorize by membership in specifik groups...
This is how my structure looks:
LDAP:
The svn groups are under:
ou=svn,ou=group,dc=company,dc=com
The groups are:
boss and test
The group svn has objectClass's top and organizationalUnit
The other two groups are top and posixGroup, they got gid 1012 and 1015
and I'm member of these two.
Apache:
I've got a subversion config with the ldap url etc:
<Location /svn/test>
DAV svn
SVNPath /data/svn/test
AuthType Basic
AuthName "Test Subversion Repository"
AuthLDAPAuthoritative on
AuthLDAPEnabled on
AuthLDAPURL "ldap://ldap.company.com/ou=people,dc=company,dc=com?uid"
require group cn=test
require valid-user
</Location>
if I run with this it just swollows it even if I set require group to cn=mjew which aint a valid group at all..
So this is what I want:
I want apache to look for the user, and find out if for example david is a member in cn=test,ou=svn,ou=group, then let the user use the repository.
So what is it that I do wrong? does it have anything with Ldap Bind to do?
7 More Discussions You Might Find Interesting
1. AIX
hello
I have a P570 with 3 partitions.
These partitions are available, since 1 year. So there are a lot of users, files, etc, on these partition
I must now install an openldap with Debian to manage all these users.
But several pb:
on LDAP, we are 1 iud for user and one home directory, 1 gid... (0 Replies)
Discussion started by: pascalbout
0 Replies
2. Red Hat
Hi, all:
I'm studying for the RHCE and have hit the section on configuring an OpenLDAP client. I'd like to practice this, but I can't get an OpenLDAP server set up. I followed the directions in RedHat's Deployment Guide, and it looks like the server is up and running, but I can't get the... (0 Replies)
Discussion started by: rjlohman
0 Replies
3. Solaris
At work I'm been givin the task to move are backend servers from NIS to LDAP. We have mostly Solaris 10 servers, as well as a few Redhat servers. I am going to use openLDAP as the LDAP server. I'm looking for a good how to guide on setting up the openLDAP server. Most of the docs I have found seem... (0 Replies)
Discussion started by: bitlord
0 Replies
4. Solaris
I m using Intel solaris 10 version . I m trying to install openldap and used several documents and package versions .
But every time I got CC PATH error and while I solved the CC issue , I got Barkley DB error . :wall:
Is there any perticular site from where I can install and configure... (1 Reply)
Discussion started by: sanjee
1 Replies
5. UNIX for Advanced & Expert Users
Hi All,
I have configured OpenLDAP sucessfully and set following results indicating that the user is loaded on the LDAP database
test5:/ $ cat /etc/passwd | grep admin777
test5:/ $ getent passwd admin777
admin777:x:5011:1000::/:/bin/bash
test5:/ $ id admin777
uid=5011(admin777)... (0 Replies)
Discussion started by: esawyja
0 Replies
6. Solaris
Hi,
im new to Solaris (10) and need some help please.
Situation: Actually is there a Linux (SLES11) OpenLDAP-Server and authentification of Linux-Maschines works pretty sweet. Now i want to put the SOL10 (Sparc) boxes in....
Problem: User Authentification via OpenLDAP on Sol10 doesn´t work... (3 Replies)
Discussion started by: Panzerkampfwagn
3 Replies
7. Red Hat
Hi,
I have done setup for openldap master and slave.
Its working fine and replicating also.
But it is working only with plane text password in syncrepl .
How we can use encrypted password here also like we are using in rootpw ?
Below portion is working.
syncrepl rid=101
... (3 Replies)
Discussion started by: Priy
3 Replies
LEARN ABOUT DEBIAN
authen::simple::ldap
Authen::Simple::LDAP(3pm) User Contributed Perl Documentation Authen::Simple::LDAP(3pm)
NAME
Authen::Simple::LDAP - Simple LDAP authentication
SYNOPSIS
use Authen::Simple::LDAP;
my $ldap = Authen::Simple::LDAP->new(
host => 'ldap.company.com',
basedn => 'ou=People,dc=company,dc=net'
);
if ( $ldap->authenticate( $username, $password ) ) {
# successfull authentication
}
# or as a mod_perl Authen handler
PerlModule Authen::Simple::Apache
PerlModule Authen::Simple::LDAP
PerlSetVar AuthenSimpleLDAP_host "ldap.company.com"
PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"
<Location /protected>
PerlAuthenHandler Authen::Simple::LDAP
AuthType Basic
AuthName "Protected Area"
Require valid-user
</Location>
DESCRIPTION
Authenticate against a LDAP service.
METHODS
o new
This method takes a hash of parameters. The following options are valid:
o host
Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".
host => ldap.company.com
host => 10.0.0.1
host => ldap://ldap.company.com:389
host => ldaps://ldap.company.com
o port
Connection port, default to 389. May be overridden by host if host is a URI.
port => 389
o timeout
Connection timeout, defaults to 60.
timeout => 60
o version
The LDAP version to use, defaults to 3.
version => 3
o binddn
The distinguished name to bind to the server with, defaults to bind anonymously.
binddn => 'uid=proxy,cn=users,dc=company,dc=com'
o bindpw
The credentials to bind with.
bindpw => 'secret'
o basedn
The distinguished name of the search base.
basedn => 'cn=users,dc=company,dc=com'
o filter
LDAP filter to use in search, defaults to "(uid=%s)".
filter => '(uid=%s)'
o scope
The search scope, can be "base", "one" or "sub", defaults to "sub".
filter => 'sub'
o log
Any object that supports "debug", "info", "error" and "warn".
log => Log::Log4perl->get_logger('Authen::Simple::LDAP')
o authenticate( $username, $password )
Returns true on success and false on failure.
EXAMPLE USAGE
Apple Open Directory
my $ldap = Authen::Simple::LDAP->new(
host => 'od.company.com',
basedn => 'cn=users,dc=company,dc=com',
filter => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
);
Microsoft Active Directory
my $ldap = Authen::Simple::LDAP->new(
host => 'ad.company.com',
binddn => 'proxyuser@company.com',
bindpw => 'secret',
basedn => 'cn=users,dc=company,dc=com',
filter => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
);
Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search
the desired tree and attributes.
SEE ALSO
Authen::Simple::ActiveDirectory.
Authen::Simple.
Net::LDAP.
AUTHOR
Christian Hansen "chansen@cpan.org"
COPYRIGHT
This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.
perl v5.14.2 2012-04-23 Authen::Simple::LDAP(3pm)