Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

OpenLDAP and Apache

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users OpenLDAP and Apache
# 1  
Old 06-20-2005
Error OpenLDAP and Apache
Hello!
I'm starting to panic here!
I'm trying to authorize Subversion (via apache) users at my company here via LDAP.
Sure everything works when just authorizing users with require valid-user
But! That is not what I'm looking for, I wish to Authorize by membership in specifik groups...

This is how my structure looks:
LDAP:
The svn groups are under:
ou=svn,ou=group,dc=company,dc=com
The groups are:
boss and test

The group svn has objectClass's top and organizationalUnit
The other two groups are top and posixGroup, they got gid 1012 and 1015
and I'm member of these two.

Apache:
I've got a subversion config with the ldap url etc:

<Location /svn/test>
DAV svn
SVNPath /data/svn/test
AuthType Basic
AuthName "Test Subversion Repository"
AuthLDAPAuthoritative on
AuthLDAPEnabled on
AuthLDAPURL "ldap://ldap.company.com/ou=people,dc=company,dc=com?uid"
require group cn=test
require valid-user
</Location>

if I run with this it just swollows it even if I set require group to cn=mjew which aint a valid group at all..

So this is what I want:
I want apache to look for the user, and find out if for example david is a member in cn=test,ou=svn,ou=group, then let the user use the repository.

So what is it that I do wrong? does it have anything with Ldap Bind to do?
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. Red Hat

Openldap 2.4.31 replication

Hi, I have done setup for openldap master and slave. Its working fine and replicating also. But it is working only with plane text password in syncrepl . How we can use encrypted password here also like we are using in rootpw ? Below portion is working. syncrepl rid=101 ... (3 Replies)
Discussion started by: Priy
3 Replies

2. Solaris

Sol10 - OpenLDAP Auth

Hi, im new to Solaris (10) and need some help please. Situation: Actually is there a Linux (SLES11) OpenLDAP-Server and authentification of Linux-Maschines works pretty sweet. Now i want to put the SOL10 (Sparc) boxes in.... Problem: User Authentification via OpenLDAP on Sol10 doesn´t work... (3 Replies)
Discussion started by: Panzerkampfwagn
3 Replies

3. UNIX for Advanced & Expert Users

OpenLDAP and Solaris10 problems

Hi All, I have configured OpenLDAP sucessfully and set following results indicating that the user is loaded on the LDAP database test5:/ $ cat /etc/passwd | grep admin777 test5:/ $ getent passwd admin777 admin777:x:5011:1000::/:/bin/bash test5:/ $ id admin777 uid=5011(admin777)... (0 Replies)
Discussion started by: esawyja
0 Replies

4. Solaris

Openldap configuration

I m using Intel solaris 10 version . I m trying to install openldap and used several documents and package versions . But every time I got CC PATH error and while I solved the CC issue , I got Barkley DB error . :wall: Is there any perticular site from where I can install and configure... (1 Reply)
Discussion started by: sanjee
1 Replies

5. Solaris

OpenLDAP setup

At work I'm been givin the task to move are backend servers from NIS to LDAP. We have mostly Solaris 10 servers, as well as a few Redhat servers. I am going to use openLDAP as the LDAP server. I'm looking for a good how to guide on setting up the openLDAP server. Most of the docs I have found seem... (0 Replies)
Discussion started by: bitlord
0 Replies

6. Red Hat

Need OpenLDAP Help

Hi, all: I'm studying for the RHCE and have hit the section on configuring an OpenLDAP client. I'd like to practice this, but I can't get an OpenLDAP server set up. I followed the directions in RedHat's Deployment Guide, and it looks like the server is up and running, but I can't get the... (0 Replies)
Discussion started by: rjlohman
0 Replies

7. AIX

openLDAP with Aix

hello I have a P570 with 3 partitions. These partitions are available, since 1 year. So there are a lot of users, files, etc, on these partition I must now install an openldap with Debian to manage all these users. But several pb: on LDAP, we are 1 iud for user and one home directory, 1 gid... (0 Replies)
Discussion started by: pascalbout
0 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

apache::authznetldap

AuthzNetLDAP(3pm)					User Contributed Perl Documentation					 AuthzNetLDAP(3pm)

NAME

       Apache::AuthzNetLDAP - Apache-Perl module that enables you to authorize a user for Website based on LDAP attributes.

SYNOPSIS

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP
	 PerlAuthzHandler Apache::AuthzNetLDAP

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=
       untcoursenumber=1999CCOMM2040001,ou=courses,ou=acad,o=unt.edu

DESCRIPTION

       After you have authenticated a user (perhaps with Apache::AuthNetLDAP ;) you can use this module to determine whether they are authorized
       to access the Web resource under this modules control.

       You can control authorization via one of four methods. The first two are pretty standard, the second two are unique to LDAP.

       "require" options --

       user -> Will authorize access if the authenticated user's username.

       valid-user -> Will authorize any authenticated user.

       group -> Will authorize any authenticated user who is a member of the LDAP group specified by groupdn. This module supports groupOfMember,
       groupOfUniquemember and Netscape's dynamic group object classes.

       ldap-url -> This will authorize any authenticated user who matches the query specified in the given LDAP URL. This is enables users to get
       the flexibility of Netscape's dynamic groups, even if their LDAP server does not support such a capability.

CONFIGURATION NOTES

	It is important to note that this module must be used in conjunction with an authentication module. (...?
       Is this true?  I just thought, that you might want to only authorize a user, instead of authenticate...)
       If you are using an authentication module, then the following lines will not need to be duplicated:

	 PerlSetVar BindDN "cn=Directory Manager"
	 PerlSetVar BindPWD "password"
	 PerlSetVar BaseDN "ou=people,o=unt.edu"
	 PerlSetVar LDAPServer ldap.unt.edu
	 PerlSetVar LDAPPort 389
	 PerlSetVar UIDAttr uid
	#PerlSetVar UIDAttr mail

	 PerlAuthenHandler Apache::AuthNetLDAP

       The following lines will not need to be duplicated if supported by the authentication module:

	 #require valid-user
	 #require user mewilcox
	 #require user mewilcox@venus.acs.unt.edu
	 #require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
	 #require ldap-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
	 #require ldap-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=

       Obviously, the ldap-url attribute is probably only support by this module.

       Check out the following link for options to load the module:

       http://perl.apache.org/docs/1.0/guide/config.html#The_Startup_File http://perl.apache.org/docs/2.0/user/config/config.html#Startup_File

AUTHOR

       Mark Wilcox mewilcox@unt.edu and Shannon Eric Peevey speeves@unt.edu

SEE ALSO

       perl(1).

WARRANTY Hey, I didn't destroy mankind when testing the module. You're mileage may vary.
       This module is distributed with the same license as Perl's.

perl v5.10.0							    2008-06-29							 AuthzNetLDAP(3pm)